AirTight Networks SpectraGuard Enterprise review
AirTight delivers a wireless security solution that's easy to deploy, elegantly simple and frighteningly effective.
Review Date: 11 Feb 2008
Reviewed By: Dave Mitchell
Price when reviewed: exc VAT for appliance and two sensors
AirTight Networks is a newcomer to the European wireless security market, but aims to stand out by offering a solution that's capable of detecting wireless APs and automatically classifying them.
SpectraGuard Enterprise is also dramatically different to most wireless security solutions, because it doesn't take an all-or-nothing approach to rogue APs and clients. Most consider any AP they don't recognise as a rogue and, if you have containment activated, will attack it. Very real problems can arise where businesses are close to other companies with their own wireless networks, making containment risky.
Although SpectraGuard also offers containment, this appliance-based solution uses sensors that are purely for monitoring, enforcing security policies and location tracking. SpectraGuard uses an obvious test when it detects a new AP because all it needs to know is whether it's wired to your network. The sensors send a broadcast packet via the wired network and check whether it can be received over the wireless network. If the AP is confirmed as connected to your wired network but isn't in the authorised list then it's a rogue. If the AP doesn't have a wired link, it's left alone.
Essentially, SpectraGuard can allow authorised clients and APs to associate with each other and will block authorised clients from accessing rogue and external APs, but won't interfere with external APs and unauthorised clients. Wireless clients that connect to an authorised AP and establish a viable session are placed in the authorised client list, but if they associate with an external AP they won't be allowed to join the protected network.
SpectraGuard can also stop internal wireless clients from accessing external networks other than your own, preventing client mis-associations and stopping APs being used as honeypots.
For testing, we placed the appliance and one sensor in our lab and located two more sensors about 50m away in a decent-sized triangle, running them all over PoE. Little gets past the sensors, as they monitor 2.4GHz and 5GHz frequencies and will see anything in the 802.11 spectrum. We left the system running for a couple of days and it picked up 24 APs and 55 wireless clients. All APs were classified as external because we knew none was wired to our test LAN, and all clients were classified as unauthorised. We placed a Buffalo Wireless-G AP in the lab and SpectraGuard picked it up in seconds, placing it in its external list. We then fired up a PC with a D-Link 11g PCI wireless card, which was also deemed unauthorised. When we added a 3Com AP running from the lab's PoE switch, it was immediately classed as rogue due to its wired connection to our LAN.
The Java management interface dashboard clearly shows all the action. We picked out our rogue AP from the main list and were able to view all details about it, including traffic statistics and associated clients. From the drop-down menu we could authorise the AP, quarantine it or place it in a banned list. Selecting the Location menu option opens a chart showing which sensors detected it and their distances from it. We imported a JPEG floor plan of our building and, after placing the sensor icons within it, were able to pinpoint the AP's position to within a few metres.
SpectraGuard will only enforce compliance once you've created policies. We opted to block rogue APs only and had the policy running with just a couple of mouse clicks. We were shocked by SpectraGuard's swift justice. The wireless client PC blue-screened seconds after the policy was activated. AirTight advised us this could happen, as the sensors are bombarding the client's wireless adapter with de-auth packets, which can cause a buffer overflow and a Windows hardware fault. But the PC remained unharmed. However, the only way we could use it was to stop it trying to associate with the rogue AP, remove the AP or deactivate the policy.
- Child abuse showdown "hijacked by ignorant MPs"
- Government wheedles more funding for online child protection from ISPs
- AMD’s "Seattle" ARM chips set for 2014 release
- Microsoft offloads cheap Surface RT tablets to schools
- Outlook.com to ditch linked accounts over security fears
- Adobe’s subscription-only Creative Cloud goes live
- Skype rolls out free video voicemail
- Spotify confirms UK outage
- Google builds system to identify child abuse images
- Google balloons beam broadband to remote areas
- Huawei Ascend P6 review: first look
- Adobe Illustrator CC review: first look
- Let MPs tell us what they really want ISPs to block
- Adobe Photoshop CC review: first look
- WWDC 2013 and iOS 7 launch: live blog
- Sony VAIO Pro review: first look
- Want child porn blocked? Meet the IWF
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?
- Hands on with the new Google Maps
- Manage a mailing list with MailChimp
- Best Linux distros for 2013
- 36 best Android apps
- How to track a stolen phone, laptop or tablet
- The man who teaches the world to Google
- 38 best iPad apps
- Moving PC made easy
- 35 best web apps
- Software subscriptions return us to a life of servitude
- Dropbox: everything you need to know
- Facebook "click on the photo" scams: how they work
- Three alternatives to Word's spelling and grammar checker
- Google two-step verification: a must for business email
- Microsoft Office and the death of upgrades
- The ICO's shame-faced u-turn on cookies
- Start8 and ModernMix: making Windows 8 work on a desktop
- How to boost your mobile reception
- How to fix Facebook: Social Fixer
- Taking the stress out of WordPress updates
- Where to download free web fonts
There are dozens of exciting prizes up for grabs on PC Pro Competitions. All our competitions are free to enter. Try your luck.ENTER NOW