How does AirWave make my wireless network more secure?
Network management is a critical component of an overall wireless LAN security strategy. In particular, a management solution must provide:
* Centralized configuration management. Whatever your encryption and authentication policies (WEP, WPA, WPA2, etc.), your wireless LAN infrastructure must be configured to support them and other security policies (disable broadcast SSID, etc.). Gartner Group estimates that 90% of wireless security incidents will result from misconfigured infrastructure and devices. A centralized management solution is essential to eliminate human error and ensure that these policies are applied uniformly.
* Automated compliance management. It is not enough to ensure that policies are applied correctly once. You must continuously audit the infrastructure to ensure that the policies remain enforced and that any violations are detected right away. AirWave customers report that an average of 32% of wireless APs were misconfigured before they installed AMP. AMP addresses this problem by enabling you to schedule automated compliance audits, to see side-by-side views depicting any violations and even to automatically 'repair' those violations as soon as they are detected. With the new Custom Compliance Audit feature in 5.0, you can even determine which violations merit the generation of a high-priority alert – and which settings may safely be allowed to vary.
* Rogue AP detection. AMP uses a unique combination of wired and wireless network scans to detect potential unauthorized “rogue” APs anywhere on a network -- even those that are out of range of your APs or sensors. AirWave uses existing, authorized APs to conduct wireless environmental RF scans to detect any unknown access points in range. Wireline scans detect the “fingerprints” of access points providing a comprehensive system for identifying rogue APs anywhere on the network. The RAPIDS module integrates this data and assigns each device a score reflecting the likelihood that it is an unauthorized rogue AP. When the device is detected via one or more wireless scans, the VisualRF module calculates and displays the rogue's location.
* "Need to Know" Security. Good security policy dictates that only those IT employees with a "need-to-know" can access information about security policies, credentials, passwords, etc. With AMP, organizations can define what level of administrative access each AMP user should have: super-user (able to create and define admin roles for others); read-write access (able to manage device configuration policies; typical for a network engineer); read-only (monitoring access but no configuration privileges; typical for Help Desk support); and auditor (able to view auditing screens and reports; typical for a security analyst). AMP also allows organizations to define the network segment (or devices) for which administrative users should have the specified privileged. I.e., a network engineer with responsibility for the U.S. retail stores may be granted read-write privileges for the WLAN infrastructure in the store locations in the U.S. while another user may be limited to monitoring-only views for stores outside the U.S. and for non-store locations.
You must log in to post.
