Skip to navigation

AirTight Networks SpectraGuard Enterprise review

Verdict

AirTight delivers a wireless security solution that's easy to deploy, elegantly simple and frighteningly effective.

Review Date: 11 Feb 2008

Reviewed By: Dave Mitchell

Price when reviewed: exc VAT for appliance and two sensors

Overall Rating
5 stars out of 6

PCPRO Recommended

AirTight Networks is a newcomer to the European wireless security market, but aims to stand out by offering a solution that's capable of detecting wireless APs and automatically classifying them.

SpectraGuard Enterprise is also dramatically different to most wireless security solutions, because it doesn't take an all-or-nothing approach to rogue APs and clients. Most consider any AP they don't recognise as a rogue and, if you have containment activated, will attack it. Very real problems can arise where businesses are close to other companies with their own wireless networks, making containment risky.

Although SpectraGuard also offers containment, this appliance-based solution uses sensors that are purely for monitoring, enforcing security policies and location tracking. SpectraGuard uses an obvious test when it detects a new AP because all it needs to know is whether it's wired to your network. The sensors send a broadcast packet via the wired network and check whether it can be received over the wireless network. If the AP is confirmed as connected to your wired network but isn't in the authorised list then it's a rogue. If the AP doesn't have a wired link, it's left alone.

Essentially, SpectraGuard can allow authorised clients and APs to associate with each other and will block authorised clients from accessing rogue and external APs, but won't interfere with external APs and unauthorised clients. Wireless clients that connect to an authorised AP and establish a viable session are placed in the authorised client list, but if they associate with an external AP they won't be allowed to join the protected network.

SpectraGuard can also stop internal wireless clients from accessing external networks other than your own, preventing client mis-associations and stopping APs being used as honeypots.

For testing, we placed the appliance and one sensor in our lab and located two more sensors about 50m away in a decent-sized triangle, running them all over PoE. Little gets past the sensors, as they monitor 2.4GHz and 5GHz frequencies and will see anything in the 802.11 spectrum. We left the system running for a couple of days and it picked up 24 APs and 55 wireless clients. All APs were classified as external because we knew none was wired to our test LAN, and all clients were classified as unauthorised. We placed a Buffalo Wireless-G AP in the lab and SpectraGuard picked it up in seconds, placing it in its external list. We then fired up a PC with a D-Link 11g PCI wireless card, which was also deemed unauthorised. When we added a 3Com AP running from the lab's PoE switch, it was immediately classed as rogue due to its wired connection to our LAN.

The Java management interface dashboard clearly shows all the action. We picked out our rogue AP from the main list and were able to view all details about it, including traffic statistics and associated clients. From the drop-down menu we could authorise the AP, quarantine it or place it in a banned list. Selecting the Location menu option opens a chart showing which sensors detected it and their distances from it. We imported a JPEG floor plan of our building and, after placing the sensor icons within it, were able to pinpoint the AP's position to within a few metres.

SpectraGuard will only enforce compliance once you've created policies. We opted to block rogue APs only and had the policy running with just a couple of mouse clicks. We were shocked by SpectraGuard's swift justice. The wireless client PC blue-screened seconds after the policy was activated. AirTight advised us this could happen, as the sensors are bombarding the client's wireless adapter with de-auth packets, which can cause a buffer overflow and a Windows hardware fault. But the PC remained unharmed. However, the only way we could use it was to stop it trying to associate with the rogue AP, remove the AP or deactivate the policy.

1 2
Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
Be the first to comment this article

You need to Login or Register to comment.

(optional)

Latest Category Reviews
WatchGuard Firebox T10 review

WatchGuard Firebox T10

Category: Security appliances
Rating: 6 out of 6
Price: £234
Cyberoam CR200iNG-XP review

Cyberoam CR200iNG-XP

Category: Security appliances
Rating: 5 out of 6
Price: £9,172
Check Point 600 Appliance review

Check Point 600 Appliance

Category: Security appliances
Rating: 5 out of 6
Price: £300
TP-Link SafeStream TL-ER6120 review

TP-Link SafeStream TL-ER6120

Category: Security appliances
Rating: 4 out of 6
Price: £176
Netgear ProSecure UTM25S review

Netgear ProSecure UTM25S

Category: Security appliances
Rating: 5 out of 6
Price: £959
Compare reviews: Security appliances

advertisement

Latest News Stories Subscribe to our RSS Feeds
Latest Blog Posts Subscribe to our RSS Feeds
Latest Features
Latest Real World Computing

advertisement

Sponsored Links
 

 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.