Product Reviews

Focusing entirely on wireless network analysis, management and security has allowed AirMagnet to deliver some unique solutions to market. We've already been impressed with its Laptop Analyser and the PC Pro Recommended Surveyor 2. Now we take a closer look at the latest version of its Enterprise wireless threat-analysis package.

AirMagnet Enterprise takes a similar approach to the PC Pro Recommended Airespace, which proved to be so successful that Cisco acquired the company earlier this year. It combines server and remote management console software in tandem with AirMagnet's hardware SmartEdge Sensors. The latter act as border patrol guards, detecting and eliminating wireless security threats. New features in this version include the ability to use some Cisco APs as dedicated sensors, a zero-configuration facility for the SmartEdge sensors and improved reporting capabilities. The Enterprise Server software component acts as a central repository for all data collected and alarms issued by the sensors, and provides a database for trend reporting. A remote console is used to access the database and the licence includes unlimited instances. The sensors need to be strategically placed to ensure a desired area of coverage. Once introduced to the network, they'll be picked by the server and need to be approved for

The Start screen on the console interface provides a dashboard of graphs and tables showing information about APs and stations, security and intrusion events, and the ten most active and eventful APs. Full analysis of sensor information is provided in the AirWISE screen, which lists all APs and stations deemed a security risk. You can keep an eye on all wireless hardware from the Infrastructure window, which lists all discovered APs, their SSIDs and all their associated stations. It also provides a quick visual reference to those devices that have violated Enterprise policies. These are an important component of Enterprise, as policies determine how the software handles areas such as the introduction of rogue APs, intrusion detection, automated blocking procedures and notifications.

During testing in a large two-storey office building, sensor capabilities were extremely good. Up until now, we'd only been aware of four other APs in the immediate vicinity, but the sensors identified another seven. We could see that four were broadcasting their SSID, three of them had no encryption enabled and two had been involved in data transmissions occurring outside normal hours. The IDS/Rogue window reveals all culprits and, once you've imported a building map, triangulation will be used to show likely locations of rogue APs. You can manually block rogue APs or use policies to do it automatically. These can block the AP's LAN port or disrupt wireless traffic between an AP and associated stations. Plenty of charts and reports are provided, and a new feature of this version is compliance audits and reports for the SOX, GLB, HIPAA and DoD directives.

Compared with Cisco's Airespace, AirMagnet offers better value for smaller businesses. It's not quite as sophisticated, but does provide a wealth of information about your wireless networks and the tools to lock it down tight.