AirTight Networks SpectraGuard Enterprise review
AirTight delivers a wireless security solution that's easy to deploy, elegantly simple and frighteningly effective.
Review Date: 11 Feb 2008
Reviewed By: Dave Mitchell
Price when reviewed: exc VAT for appliance and two sensors
AirTight Networks is a newcomer to the European wireless security market, but aims to stand out by offering a solution that's capable of detecting wireless APs and automatically classifying them.
SpectraGuard Enterprise is also dramatically different to most wireless security solutions, because it doesn't take an all-or-nothing approach to rogue APs and clients. Most consider any AP they don't recognise as a rogue and, if you have containment activated, will attack it. Very real problems can arise where businesses are close to other companies with their own wireless networks, making containment risky.
Although SpectraGuard also offers containment, this appliance-based solution uses sensors that are purely for monitoring, enforcing security policies and location tracking. SpectraGuard uses an obvious test when it detects a new AP because all it needs to know is whether it's wired to your network. The sensors send a broadcast packet via the wired network and check whether it can be received over the wireless network. If the AP is confirmed as connected to your wired network but isn't in the authorised list then it's a rogue. If the AP doesn't have a wired link, it's left alone.
Essentially, SpectraGuard can allow authorised clients and APs to associate with each other and will block authorised clients from accessing rogue and external APs, but won't interfere with external APs and unauthorised clients. Wireless clients that connect to an authorised AP and establish a viable session are placed in the authorised client list, but if they associate with an external AP they won't be allowed to join the protected network.
SpectraGuard can also stop internal wireless clients from accessing external networks other than your own, preventing client mis-associations and stopping APs being used as honeypots.
For testing, we placed the appliance and one sensor in our lab and located two more sensors about 50m away in a decent-sized triangle, running them all over PoE. Little gets past the sensors, as they monitor 2.4GHz and 5GHz frequencies and will see anything in the 802.11 spectrum. We left the system running for a couple of days and it picked up 24 APs and 55 wireless clients. All APs were classified as external because we knew none was wired to our test LAN, and all clients were classified as unauthorised. We placed a Buffalo Wireless-G AP in the lab and SpectraGuard picked it up in seconds, placing it in its external list. We then fired up a PC with a D-Link 11g PCI wireless card, which was also deemed unauthorised. When we added a 3Com AP running from the lab's PoE switch, it was immediately classed as rogue due to its wired connection to our LAN.
The Java management interface dashboard clearly shows all the action. We picked out our rogue AP from the main list and were able to view all details about it, including traffic statistics and associated clients. From the drop-down menu we could authorise the AP, quarantine it or place it in a banned list. Selecting the Location menu option opens a chart showing which sensors detected it and their distances from it. We imported a JPEG floor plan of our building and, after placing the sensor icons within it, were able to pinpoint the AP's position to within a few metres.
SpectraGuard will only enforce compliance once you've created policies. We opted to block rogue APs only and had the policy running with just a couple of mouse clicks. We were shocked by SpectraGuard's swift justice. The wireless client PC blue-screened seconds after the policy was activated. AirTight advised us this could happen, as the sensors are bombarding the client's wireless adapter with de-auth packets, which can cause a buffer overflow and a Windows hardware fault. But the PC remained unharmed. However, the only way we could use it was to stop it trying to associate with the rogue AP, remove the AP or deactivate the policy.
- Google's Project Ara modular phone arrives in January
- Hackers harvest LaCie card data for a full year
- Ubuntu LTS Server 14.04 extends cloud support
- Samsung Galaxy S5 outselling the S4
- Intel: PC sales are "encouraging"
- Average UK broadband speed hits 14.7Mbits/sec
- Sky and TalkTalk eye BT with York fibre
- Google to rank encrypted pages higher
- Heartbleed: the race to reissue security certificates
- Mozilla names new CEO after gay marriage uproar
- Windows 8.1 Update: an abject surrender
- The insane economics of Sky Now TV
- No such thing as a free app... so pay up if you want quality
- Time to outlaw crapware-laden installers
- Windows Phone 8.1 video: hands-on
- Office for iPad: key information
- Why every PC buyer owes Richard Durkin a debt of gratitude
- HTC One M8 vs Samsung Galaxy S5: 2014's big-hitters compared
- Windows XP end of life: key information
- Cut out the broadband jargon? What jargon?
- Data recovery: inside the clean room
- Best tablet PCs to buy in 2014
- How much RAM do you really need?
- News of the weird: the strangest ever tech stories
- Five hyped technologies: disruptive or not?
- Piracy's dying: why we're all going straight
- Office: should you buy it, rent it - or dump it?
- Make the most of your mobile data
- Old-school internet scams: five that just won't die
- Bitcoin believers not worried by Mt. Gox disarray
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy
- Raspberry Pi and Wolfram: a must-have for every child
- Could you get by with Office Web Apps?
- The best Android antivirus apps for 2014
- Headings vs headers: how to use both in Word
- Windows Server 2012 R2: how the Datacenter edition could change SMBs
- Invoices and VAT: how to set up your documents correctly