Wireless crackdown



AirDefense vs AirMagnet
These two companies are an interesting pair of competitors. Rarely do we receive such evenly matched opponents; it's almost like watching a pair of identical twins duking it out. There are of course differences but they have both approached the problem of wireless security in a similar manner and even use identical hardware for their wireless sensors.

The products
The AirDefense solution consists of a server appliance and wireless sensors. The server appliance, as the name suggests, is usually supplied as an appliance, either an 1150, 2230, or 2270, but unfortunately there were none available at the time of this review. So the AirDefense technicians did the next best thing and installed the hardened Linux OS and security software on one of the Lab's servers. As a consequence, functionality is identical to the appliance.

The appliance itself is quite a beefy unit, with a single P4 2.8GHz processor and 1GB of memory in the low-end 1150 unit and dual 2.4GHz Xeons and 4GB of memory in the high-end 2270 unit -- these are good for up to 350 and 600+ sensors respectively. AirDefense maintains that it makes more sense to provide an appliance than to expect the client to install, secure, and maintain their own server.

AirMagnet takes the opposite viewpoint: its enterprise server software installs on Windows 2000 and 2003 Server as well as XP Professional, and each server can cater for up to 1500 sensors. The reason for this massive number is that the AirMagnet sensors are more "educated" than the AirDefense sensors. The hardware requirements for the server are relatively modest and typically include a 2.4GHz processor, 512MB of memory, and 4GB of disk space.

Both vendors support failover from a primary to a secondary server, and should the link between the server and a sensor be lost, the sensors will continue to monitor and store information until the link is restored. This is, of course, up to a point: at some stage the sensors will run out of memory (but the link should be restored before this point).

Configuring the sensors
The sensors are simply APs with a hardened Linux kernel that passively observe, pre-analyse, and package WLAN data and pump it through to the server appliance for complete analysis. It is interesting to note that both vendors' sensors are identical in terms of hardware but use different firmware; as a consequence, the AirDefense solution only carries out rudimentary processing at the sensor, while AirMagnet sensors carry out almost all of the processing before sending the data to the server. AirDefense claims its sensors typically consume two percent of the total network bandwidth even though the relatively raw data results in more traffic than the highly processed and more compact AirMagnet data stream. All sensor data is transferred using SSL and TLS, so it is secure and passes through firewalls with a minimum of fuss.

Manually configuring the sensors is no great hardship on an individual basis, but if you have to deploy 20 or 30 of the sensors you would certainly not want to configure each of them manually.

Both products can be set up to auto-configure the sensors after they grab their IP addresses from a DHCP server, and this includes policy settings for each sensor.

If your organisation has an installed base of Cisco Aironet 1200 APs, these can also be utilised as sensors (albeit with limited capabilities) to feed the server appliance or enterprise server with security and performance data. Both vendors' products will happily integrate with Cisco WLSE (Wireless LAN Solution Engine) for seamless management of your WLAN infrastructure, although only AirMagnet appears capable of utilising Cisco APs as rudimentary sensors without WLSE deployed. The Lab did not test the vendors' level of integration with WLSE.


AirDefense's user interface
