Product Reviews

Administrators are spoilt for choice when it comes to general network management, as there are plenty of quality products on the market. Wireless networks get the same star treatment, but we've also seen a number of products claim an awful lot but fail to deliver. Not so with Airespace, as this company offers an unusual setup with some unique management and monitoring facilities and teams them up with some of the toughest wireless security measures we've seen.

The Airespace Wireless Enterprise Platform comprises the company's management software along with WLAN switches and access points (APs). Airespace has focused primarily on the enterprise sector but the latest 3500 switch being previewed here brings precisely the same features within the grasp of the SME. Physically it's much smaller than the 4000 switching products, doesn't provide PoE and only supports a maximum of six Airespace APs. However, it runs the same embedded Airespace Director code and provides the same features as its bigger siblings, plus it integrates with the optional ACS (Airespace Control System) software.

So how does the Airespace solution work? Essentially, the APs are the system's eyes and ears on the wireless network. Along with providing standard client network access services, they can monitor the network for beacon signals and identify rogue APs and ad-hoc networks. It gets even better as multiple Airespace APs can be used to 'gang up' on the rogue and stop it from being used. Appropriately called containment, the APs send out false signals to confuse clients and stop them associating with the rogue. This system has proved to be so successful that we were advised that a number of wireless PC Card vendors have modified their software to circumvent an Airespace blockade and in one case changed its software to stop responding to broadcast de-authentications. Naturally, you'll be relying entirely on Airespace to stay ahead of the game, and the company stated that it regularly tests these products and updates its AP code to foil each vendor's escape plan. There's much more to the APs, as they also provide RF signal strength measurements which are incorporated into a central database and used by ACS to track wireless client locations and movements, and to provide accurate maps of radio coverage.

Installation starts with the switch. A simple Quick-start Wizard run from the

ADVERTISEMENT

CLI sorts out network IP address assignments. Next come the APs, which are designed to slot straight into the wireless network with no initial configuration. They support the yet-to-be-ratified LWAPP (lightweight access point protocol), which allows them to seek out Airespace switches and, once validated, will automatically receive wireless security and QoS (quality of service) policies along with channel and power output settings.

The switch's secure web interface is easy enough to use and provides a complete rundown on network statistics along with lists of clients, Airespace APs, 802.11a and b/g services, plus identified rogue APs, clients and ad-hoc networks. Selecting a rogue AP shows associated clients and the Airespace APs that picked it up, from which you can opt to contain the rogue. We added three unauthorised APs onto the network and they were spotted immediately. You can also use the Director to create service, QoS and security policies, and deploy them to selected APs. QoS profiles limit the number of users that can associate with an AP and determine available wireless bandwidth and queue depths. Security measures can be enforced by requiring encryption and authentication, and policies can automate AP containment responses.

The ACS software brings into play some interesting management features and our favourite is the mapping capability. Load a BMP, GIF or JPEG drawing of your building into the Airespace Floor Plan Editor, add walls, doors and windows and then import it into ACS. Next you position the identified APs within the structure and sit back and view the heat-signature-style mapping that shows the coverage and signal strength of each unit.

Providing you specified the correct thickness before importing the drawing, it will show how walls affect wireless coverage and even signal leakage through windows. If you add the optional Location Tracking module, you can track wireless clients and build up a map showing their position in the building and roaming activity. Airespace uses RF fingerprinting and a proprietary prediction tool and can highlight the physical location of rogue access points and ad-hoc networks the moment they come online.

There's much more to ACS as it provides a complete overview of your wireless network, identified rogues, areas of poor coverage and the chattiest APs, plus it includes wireless intrusion detection and prevention using a regularly updated attack database. Reporting facilities are also good, although these are limited to displaying results only in graphical format.

There's no denying Airespace is offering smaller businesses a slick wireless security product. But although the switch and APs are priced competitively, the ACS and Location Tracking modules do add substantially to the asking price. Nevertheless, if network security is paramount then Airespace will be a sophisticated platform that could easily make drive-by hacking and war-chalking things of the past.