AirTight Networks SpectraGuard Enterprise review
AirTight delivers a wireless security solution that's easy to deploy, elegantly simple and frighteningly effective.
Review Date: 11 Feb 2008
Reviewed By: Dave Mitchell
Price when reviewed: exc VAT for appliance and two sensors
AirTight Networks is a newcomer to the European wireless security market, but aims to stand out by offering a solution that's capable of detecting wireless APs and automatically classifying them.
SpectraGuard Enterprise is also dramatically different to most wireless security solutions, because it doesn't take an all-or-nothing approach to rogue APs and clients. Most consider any AP they don't recognise as a rogue and, if you have containment activated, will attack it. Very real problems can arise where businesses are close to other companies with their own wireless networks, making containment risky.
Although SpectraGuard also offers containment, this appliance-based solution uses sensors that are purely for monitoring, enforcing security policies and location tracking. SpectraGuard uses an obvious test when it detects a new AP because all it needs to know is whether it's wired to your network. The sensors send a broadcast packet via the wired network and check whether it can be received over the wireless network. If the AP is confirmed as connected to your wired network but isn't in the authorised list then it's a rogue. If the AP doesn't have a wired link, it's left alone.
Essentially, SpectraGuard can allow authorised clients and APs to associate with each other and will block authorised clients from accessing rogue and external APs, but won't interfere with external APs and unauthorised clients. Wireless clients that connect to an authorised AP and establish a viable session are placed in the authorised client list, but if they associate with an external AP they won't be allowed to join the protected network.
SpectraGuard can also stop internal wireless clients from accessing external networks other than your own, preventing client mis-associations and stopping APs being used as honeypots.
For testing, we placed the appliance and one sensor in our lab and located two more sensors about 50m away in a decent-sized triangle, running them all over PoE. Little gets past the sensors, as they monitor 2.4GHz and 5GHz frequencies and will see anything in the 802.11 spectrum. We left the system running for a couple of days and it picked up 24 APs and 55 wireless clients. All APs were classified as external because we knew none was wired to our test LAN, and all clients were classified as unauthorised. We placed a Buffalo Wireless-G AP in the lab and SpectraGuard picked it up in seconds, placing it in its external list. We then fired up a PC with a D-Link 11g PCI wireless card, which was also deemed unauthorised. When we added a 3Com AP running from the lab's PoE switch, it was immediately classed as rogue due to its wired connection to our LAN.
The Java management interface dashboard clearly shows all the action. We picked out our rogue AP from the main list and were able to view all details about it, including traffic statistics and associated clients. From the drop-down menu we could authorise the AP, quarantine it or place it in a banned list. Selecting the Location menu option opens a chart showing which sensors detected it and their distances from it. We imported a JPEG floor plan of our building and, after placing the sensor icons within it, were able to pinpoint the AP's position to within a few metres.
SpectraGuard will only enforce compliance once you've created policies. We opted to block rogue APs only and had the policy running with just a couple of mouse clicks. We were shocked by SpectraGuard's swift justice. The wireless client PC blue-screened seconds after the policy was activated. AirTight advised us this could happen, as the sensors are bombarding the client's wireless adapter with de-auth packets, which can cause a buffer overflow and a Windows hardware fault. But the PC remained unharmed. However, the only way we could use it was to stop it trying to associate with the rogue AP, remove the AP or deactivate the policy.
- How Three got a cheap deal in the 4G auction
- UK has "best broadband in Europe" - if Europe was only five countries
- Tim Berners-Lee warns not to take the web for granted
- Amazon will "limit music streams to encourage downloads"
- New version of Office for Mac coming this year
- Twitter goes down for second time in nine days
- Google sued over $66 in-app purchase
- Snowden: I was right to leak NSA data
- BBC revamps iPlayer for the "multiscreen world"
- Sony revives optical discs with 1TB Archival Disc
- CeBit 2014 diary: Cameron comes to town
- The 5 most interesting UK businesses at SXSW
- Quickest way to upload 1GB? Hop on a train
- Move over Delia: IBM Watson is cooking tonight
- Eric Schmidt on the double-edged smartphone: friend and foe
- Getty joins the race to the bottom
- Hour of Code: five steps to learn how to code
- Sony Xperia Z2 Tablet review: first look
- Sony Xperia Z2 review: first look
- Samsung Galaxy Gear 2 review: first look
- Make the most of your mobile data
- Old-school internet scams: five that just won't die
- Bitcoin believers not worried by Mt. Gox disarray
- How to hack your car
- Small server vs cloud: which is best for SMBs?
- Block party: why do millions play Minecraft?
- What to do if you’re still on Windows XP
- Microsoft Word: top 20 secret features
- Measuring me: is your body the future of security?
- The best mobile apps for business
- Headings vs headers: how to use both in Word
- Windows Server 2012 R2: how the Datacenter edition could change SMBs
- Invoices and VAT: how to set up your documents correctly
- Nexus 5 vs Samsung Galaxy S4 Active: the best phone for avoiding screen burn
- How much is a social user worth?
- The key to choosing a secure password
- Thunderbolt Bridge: a fast Mac migration tool
- Should you advertise on Twitter?
- How to track a lost smartphone
- Self-publishing success: the best way to sell your book