Some facts about the Motorola ADSP AirDefense solutions. Wireless Intrusion Prevention Systems (IPS)
Why should you secure wireless?
Fixed wired networks use cables or fibre that meet at a switch. The switch then distributes these signals only to where they are needed... again through wires. So if you can physically secure the wires, then the chance that someone taps into them is lowered.
Wireless systems must use a broadcast technique and it is more like a speaker standing on a box in a public park compared to the relative privacy of fixed wires. Because of this, anyone within listening range can monitor your wireless signals.
Of course the instant reaction to this threat is to use strong encryption. However, any given organisation has no visibility of deviations from the standards laid down for wireless. Many employees could add an access point (AP) without the knowledge of the security team. In that situation, there is no guarantee that it will be configured securely.
Additionally, when a new AP is added to a system, it can be like letting multiple people talk at once inside a lift. The extra wireless transmission can easily interfere with the designed sections of the network.
Even with strong encryption, there are ways to infiltrate a system, especially if the passwords are weak. Someone can gather data from outside your building, and use brute-force methods or dictionary-based attacks to try and break into the system.
Sometimes, legitimate users within the organisation can accidentally or purposefully connect to a neighbouring system. This situation is very undesirable.
Finally, even those organisations who have a "no wireless" policy cannot possibly know if that policy is enforced unless the airwaves are monitored.
The ADSP (AirDefense Services Platform) gives you the ability to monitor all of these situations, and more.
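The unsanctioned-AP and "no wireless" checks described above can be sketched as a comparison of observed beacons against an authorised inventory. This is an added example, not code from the ADSP or from the original article; the BSSIDs, SSIDs, finding names and the `audit` function are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    bssid: str      # MAC address of the AP radio
    ssid: str
    channel: int
    security: str   # "OPEN", "WEP", "WPA2" or "WPA3"

# Hypothetical inventory kept by the security team: BSSID -> (SSID, planned channel)
AUTHORISED = {
    "02:00:00:aa:00:01": ("CorpNet", 1),
    "02:00:00:aa:00:02": ("CorpNet", 6),
}
WEAK_SECURITY = {"OPEN", "WEP"}

# Constructed sensor observations (not real captures)
SAMPLE = [
    Beacon("02:00:00:aa:00:01", "CorpNet", 1, "WPA2"),        # matches the inventory
    Beacon("02:00:00:AA:00:02", "CorpNet", 11, "WPA2"),       # known AP, wrong channel
    Beacon("02:00:00:bb:00:09", "CorpNet", 6, "OPEN"),        # unknown radio, corporate SSID
    Beacon("02:00:00:cc:00:05", "printer-setup", 3, "WEP"),   # unknown AP, weak security
]

def audit(beacons, authorised=AUTHORISED):
    """Return sorted (bssid, finding) tuples for deviations from the inventory.
    An empty inventory models a "no wireless" policy: every AP seen is a finding."""
    corp_ssids = {ssid for ssid, _ in authorised.values()}
    findings = set()
    for b in beacons:
        bssid = b.bssid.lower()              # normalise case before the lookup
        known = authorised.get(bssid)
        if known is None:
            # An unknown radio using a corporate SSID deserves a distinct finding.
            kind = "unauthorised-ap-corp-ssid" if b.ssid in corp_ssids else "unauthorised-ap"
            findings.add((bssid, kind))
        elif b.channel != known[1]:
            findings.add((bssid, "off-plan-channel"))   # may interfere with the RF design
        if b.security in WEAK_SECURITY:
            findings.add((bssid, "weak-security"))
    return sorted(findings)

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE):
        print(bssid, finding)
```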
Three key functions
Apart from security, monitoring your system lets you run reports that illustrate such due diligence. Therefore the ADSP helps to provide documentation for government and Payment Card Compliance (PCI). Normally, with PCI for example, organisations that process credit cards are required to have an audit conducted every year, six months or three months. Failure to be compliant can attract big fines, and having a security breach is extremely disruptive and expensive. The audits are expensive too. Also, because they are periodic, the typical audit is only a snapshot. What you really need is 24x7 monitoring, and the ability to illustrate compliance at the push of a button when needed. This ability to generate ad-hoc reports and continuous monitoring saves money on expensive audits.
When you have continuous monitoring, then the next logical thing to do with the data is to generate alerts when something out of the ordinary happens. The ADSP will do this.
To manage a network, you need visibility and central control; but since it's common to find multiple vendors and multiple versions within a network, this becomes difficult. The ADSP is already in a position to observe all the wireless devices on the network (it's vendor agnostic), so it is in a perfect position to be a central management station. So from one platform, you can manage:
- Operational Status
With a wired network, when someone uses a microwave oven, that oven will not interfere with the signals in the wire. However, since a microwave oven uses the same frequency spectrum (2.4GHz) as wireless signals for 802.11, it can easily disrupt performance. The ADSP has a tool to chart outside interference from a microwave, or heavy machinery, electrical arc welding, and any other source of noise. For email transmission a few minutes' delay would not be a problem, but today, many organisations demand high availability for use with Voice Over Internet Protocol (VOIP) equipment. When the board is conducting an international digital conference, then the combined salaries over a five minute period of disruption can accumulate to a lot of money. To have visibility of the noise levels in a system is to have the power to prevent or fix it rapidly.
When someone uses a laptop in wireless-mode and cannot connect, finding a problem is difficult. In some cases, a wireless engineer might be flown across the country to diagnose a fault with an AP, only to find that the problem exists in the laptop. The ADSP gives you the ability to temporarily convert one of the sensors into a clone of the laptop and diagnose the problem from head-office. The potential saving for operational events like this is huge.
When it's time to call the cops...
In the unpleasant situation where a suspected or confirmed security breach is in play, you need reliable data for a forensic investigation.
The ADSP stores information and you can draw on that to assist a forensic and evidence gathering activity. Every minute it stores 325 data points for each identified wireless device.
While a problem is still current, it will also give you complete visibility of what the devices are doing. This is called "Live View".
Just where IS that device?
Since wireless devices are often mobile, it's not possible to track their location using traditional paper-based accounting methods or their electronic equivalent.
The ADSP can locate devices to within a 10m radius in real time. It can do this when there are at least three sensors arranged roughly in a triangle. The method used is to estimate the bearing and signal strength of a mobile device from three points. It then makes a triangulation calculation and estimates where this device is placed. The data is recorded so you can track it over time. The data is available as a two-dimensional heat-map.
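A three-sensor position estimate of this kind can be sketched as follows. This is an added example, not the ADSP's algorithm and not code from the original article: it uses signal strength only (trilateration with a log-distance path-loss model) rather than bearing, and the reference power, path-loss exponent, sensor coordinates and function names are assumptions.

```python
import math

TX_REF_DBM = -40.0     # assumed RSSI at 1 m from the transmitter
PATH_LOSS_EXP = 3.0    # assumed indoor path-loss exponent

def rssi_to_distance(rssi_dbm):
    """Log-distance path-loss model: metres from a reading in dBm."""
    return 10 ** ((TX_REF_DBM - rssi_dbm) / (10.0 * PATH_LOSS_EXP))

def distance_to_rssi(d_m):
    """Inverse of the model, used here only to construct sample readings."""
    return TX_REF_DBM - 10.0 * PATH_LOSS_EXP * math.log10(d_m)

def locate(sensors, rssi):
    """sensors: three (x, y) positions in metres; rssi: their readings in dBm.
    Returns the estimated (x, y) of the transmitting device."""
    (x1, y1), (x2, y2), (x3, y3) = sensors
    d1, d2, d3 = (rssi_to_distance(r) for r in rssi)
    # Subtracting circle 1 from circles 2 and 3 leaves two linear equations in x, y.
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = d1**2 - d2**2 + x2**2 - x1**2 + y2**2 - y1**2
    b2 = d1**2 - d3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-9:
        # Sensors in a straight line cannot resolve a 2-D position.
        raise ValueError("sensors are collinear; arrange them in a triangle")
    return ((b1 * a22 - b2 * a12) / det, (a11 * b2 - a21 * b1) / det)

def position_error(sensors, true_pos, noise_db=(0.0, 0.0, 0.0)):
    """Distance in metres between true_pos and the estimate when each
    sensor's ideal reading is offset by the given error in dB."""
    readings = [distance_to_rssi(math.dist(s, true_pos)) + n
                for s, n in zip(sensors, noise_db)]
    return math.dist(locate(sensors, readings), true_pos)

# Constructed layout: three sensors in a triangle, device at (12, 9)
SENSORS = [(0.0, 0.0), (30.0, 0.0), (15.0, 25.0)]
DEVICE = (12.0, 9.0)

if __name__ == "__main__":
    print("ideal readings:", round(position_error(SENSORS, DEVICE), 6), "m error")
    print("+3 dB on sensor 1:", round(position_error(SENSORS, DEVICE, (3, 0, 0)), 2), "m error")
```

A single 3 dB measurement error already moves the estimate by more than a metre in this layout, which is why accuracy figures for RSSI-based location are quoted as a radius.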