A Comparison of WIDS/WIPS System Designs


Purpose of the paper

This paper discusses enterprise WIDS/WIPS designs, focusing on the standalone, integrated and overlay architectures. For each design it covers how it works (listening patterns), the types of attacks detected and prevented, and the pros and cons. (Andijani, 1997, 429-445)

Introduction

These days, certain terms are often used to characterize Wireless Intrusion Detection/Prevention System (WIDS/WIPS) architectures, "overlay" and "integrated" being the most common, and they are used with varying meanings. This post explains what these terms mean, or should mean, to be consistent with the fundamental underpinnings of WIDS/WIPS architectures and functions. Clarifying the terms WIDS and WIPS themselves would also be useful but is left for a different post. For now, let us say that a WIDS/WIPS is a wireless security system comprising channel-scanning sensors and a server that processes the scan data. (Andijani, 1997, 429-445)

How they work

As Wi-Fi networks become more pervasive, displacing wired networks as part of mobility enhancement and rightsizing efforts, wireless threats are a significant risk that needs to be addressed. Wireless Intrusion Detection & Prevention (WIDP) systems are designed to detect and neutralize these threats. (Ardalan, 1997, 195-211)

Using existing access points, and sometimes dedicated sensors, Aruba's solution provides real-time wireless threat detection, attack prevention, policy enforcement and compliance reporting.

Key features include:

Integration with Aruba's mobility infrastructure;

Scanning several across the 802.11 frequency spectrum;

Rogue AP & ad-hoc detection, location, classification, containment, and Denial of Service (DoS) detection;

Fully automated threat prioritization and response;

Pre-configured compliance reporting;

Centralized and Web-accessible monitoring, troubleshooting, and analysis. (Ardalan, 1997, 195-211)

Types of attacks detected and prevented

The portfolio's intrusion detection and prevention capabilities are dramatically extended by the addition of HiPath Wireless Manager HiGuard. It provides the best-of-breed security protection seen in overlay IDS/IPS solutions as well as significant integration with existing WLAN infrastructure and management tools. (Ardalan, 1997, 195-211) The HWM HiGuard solution depends on HiPath Wireless Access Points that have been deployed in dedicated sensor mode, where they focus solely on scanning all channels and frequencies on the 802.11a, b, and g radios. The information gathered by the sensors is then sent to the central HWM Server, which consolidates and analyzes it using sophisticated heuristics. Sensors can then use precise RF countermeasures to proactively neutralize threats while the rest of the network remains unaffected. HWM HiGuard is one of the only WLAN security solutions that can detect rogue 802.11n APs to prevent unauthorized access to the wireless network.

The benefits provided by HiPath Wireless Manager include:

Optimized performance as HiPath Wireless Access Points can devote their attention to delivering consistent network access to users - key for voice and other real-time applications. (Ardalan, 1997, 195-211)

Enhanced security as sensors can proactively scan all WiFi radio bands and channels to identify and neutralize the most sophisticated attacks.

Intrusion information is forwarded to a management server that provides robust reporting capabilities.

Automatic threat classification (member, neighbor, rogue, etc.) and the flexibility to locate rogues or even deny them access to the network.

Visual representation of signal coverage and device locations ...