Cisco/AirDefense wireless system
Last Post: February 11, 2005:
-
Officials at Cisco Systems signed a technology partnership last month with officials from AirDefense to integrate AirDefense's wireless intrusion-detection capabilities with Cisco's wireless access points and wireless management software.
This looks like a good marriage of the two technologies.
Here is an interesting part of the article concerning Cisco and AirDefense.
Chaudhry said agency officials must not underestimate the threat of rogue access points. AirDefense has about 350 customers, 30 percent of which are in the federal government, and every month, each customer detects at least a half-dozen rogue access points in their facilities.
-
Jay Chaudhry is right. This is normal everywhere. By the way, AirMagnet is now FIPS. That "thing" between Cisco and AirDefense works with all WIDS systems (though AirDefense isn't about to tell you that of course) - it's just an API between the Cisco WLSE/WLSM and the WIDS system.
Rogues are everyone's worst nightmare. For this reason, every WIDS and WLAN switch on the market now supports Rogue "Containment" (which has 100 other names also). This "containment" feature means that the switch uses the closest AP to the rogue to spoof the MAC of the rogue AP and then starts sending deauthentication frames to any stations that try to associate to the rogue. This is a good thing as long as you as the administrator can control this behavior manually (and you usually can). You can set it as the default behavior, and then come back through and disable it on a per-rogue basis (good).
Some APs seen by your APs aren't actually rogues, they're your neighbor's APs, and so those are called "known APs". You don't want to contain those...that will tick off your neighbor. :-)
Devinator -
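The containment policy described in the post above, sketched as an added example that is not part of the original thread or any vendor's code: sightings from managed APs are merged per BSSID, neighbors' "known APs" are never contained, containment is the default for rogues, and it can be switched off per rogue. The BSSIDs, sensor names, and the use of strongest RSSI as a stand-in for "closest AP" are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed inventory; every address and name here is made up.
AUTHORIZED = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}  # our own APs
KNOWN = {"00:de:ad:00:00:10"}            # neighbor's APs: never contain
CONTAIN_BY_DEFAULT = True                # default behavior for rogues
CONTAIN_DISABLED = {"00:ba:d0:00:00:21"} # manual per-rogue override

@dataclass(frozen=True)
class Sighting:
    sensor: str  # managed AP that heard the beacon
    bssid: str   # address of the AP that was heard
    rssi: int    # signal strength in dBm (higher means nearer, roughly)

def classify(bssid):
    """Label a BSSID as authorized, known (neighbor), or rogue."""
    b = bssid.lower()
    if b in AUTHORIZED:
        return "authorized"
    if b in KNOWN:
        return "known"
    return "rogue"

def plan(sightings):
    """Merge sightings per BSSID and decide what may be contained."""
    best = {}
    for s in sightings:
        b = s.bssid.lower()
        # Keep the sighting with the strongest signal as the closest sensor.
        if b not in best or s.rssi > best[b].rssi:
            best[b] = s
    decisions = {}
    for b, s in best.items():
        cls = classify(b)
        contain = (cls == "rogue" and CONTAIN_BY_DEFAULT
                   and b not in CONTAIN_DISABLED)
        decisions[b] = {"class": cls, "contain": contain, "sensor": s.sensor}
    return decisions

# Constructed sightings from three managed APs.
SAMPLE = [
    Sighting("ap-lobby", "00:BA:D0:00:00:20", -71),
    Sighting("ap-lab", "00:ba:d0:00:00:20", -48),
    Sighting("ap-lab", "00:ba:d0:00:00:21", -60),
    Sighting("ap-dock", "00:DE:AD:00:00:10", -80),
    Sighting("ap-dock", "00:11:22:aa:00:01", -40),
]

if __name__ == "__main__":
    for bssid, d in sorted(plan(SAMPLE).items()):
        print(bssid, d)
```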
Some APs seen by your APs aren't actually rogues, they're your neighbor's APs, and so those are called "known APs". You don't want to contain those...that will tick off your neighbor.
Devinator, I know you wouldn't be tempted...huh
an eye-D-S for an eye-D-S...bluetooth for bluetooth?
I must admit I try hard to turn the other cheek my brother! So many fake (Judas-like) APs out there I'm beginning to doubt like Thomas.
Go ahead and Laugh!
compughter -
HA HA, very funny. ;-P
-
Under the agreement with AirDefense, customers will be able to use Cisco access points, including the company's new Aironet 1130AG and 1230AG, as sensors instead of being limited to the AirDefense sniffers, said Shripati Acharya, director of wireless product management at Cisco.
It seems to me that Cisco's AP can be used as a sensor as well, eliminating AirDefense's sensor. Am I reading this wrong? -
You're reading it correctly. This is a huge plus. Having sensor code in the AP is very nice....but now we have to figure out what Cisco, Proxim, Symbol, and other FAT AP vendors are going to do in light of the fact that Cisco and Symbol both have WLAN Switches now. Proxim scrapped their WLAN switch project as far as I know. If APs are to become thin or even "thinnER" then I'm going to still assume that this firmware will still be in there, but there will now be new issues of proprietary (like all switches) versus open standards. Right now, there are 3 types of WIDS - overlay (a stand-alone system), integrated (part of a WLAN switch for example), and what we call "Integration-Enabled" which is the firmware-in-Fat-AP scenario we've just discussed. Each of these topics is discussed in the upcoming new CWSP course starting March 7-11. This course will be released to training centers shortly thereafter.
-
There's a big difference currently between what Cisco WLSE and an AP configured in scan-only mode can do compared to what WLSE, APs and/or AirDefense probes, and the AirDefense IDS engine can do.
AirDefense's one purpose in life is to develop high-end wireless IDS products. They are very targeted on that market which is why they have advanced capabilities that exceed what the current WLSE can accomplish. Some customers demand those capabilities; some don't. For the ones that don't, WLSE and scan-only mode APs offer an integrated Cisco solution. For the ones that do, the AirDefense third-party solution is a good fit. That's why the partnership was established, to help those customers with requirements that aren't currently fulfilled by existing products.
Future capabilities and expansion to the WLSE API will allow other product integration as well. Should be interesting to watch develop.
Joel -
Ci$Co aims at dominating Wireless WIDS, switches too? That's a money-opoly, right? Why can't we all just be vendor neutral? I heard Ci$Co is also cutting cost on their APs. Is that right?
Believe me this doesn't bother me. It scares me!