Importance of WIDS/WIPS (Wi-Fi Masterminds)
This is the first in a series of posts that I am dubbing “Wi-Fi Masterminds” (TM). I will ask questions to a series of panelists and they will answer in round-robin fashion, where they can answer the question as well as respond to others.
If you have ever seen the show “Around the Horn” on ESPN, that is the type of interaction I am looking for.
I am planning on a pool of 6-8 masterminds, bit will limit each question to a panel of three members. I will try to minimize my own involvement in the questions to only provide structure where needed or correct any factual errors.
Without further delay, let’s meet today’s panelists, shall we? They are…
Jennifer Huber CCNP, RFID+, CWNE #51 @jenniferlucille – Jennifer has over 8 years of experience in the networking and wireless engineering industry. She has a solid background in supporting, designing, deploying, and troubleshooting 802.11a/b/g/n Enterprise wireless installations, as well as the ability to take complex information and explain problems and solutions in terms that are easily understood.
Keith R. Parsons, CWNE #3: - @keithparsons http://WLANiconoclast.blogspot.com – A gifted presenter, Keith is known for his wit and broad technical expertise. He holds over 50 technical certifications and has earned an MBA from the Marriott School of Management. He is author (or editor) of a dozen technical publications and has developed seven technical certification programs. He travels throughout North America, Europe, Africa, Asia and Australia in behalf of a wide variety of IT vendors, explaining networking technology to industry professionals.
Joel Barrett, CWNP#6: @joelbarrett – Joel Barrett is a senior-level wireless networking architect with Cisco Systems. Joel consults primarily with large enterprise customers concerning complex wireless deployments. He is an author of wireless industry books and lexicographer for “The Official CWNP Dictionary of Wireless Terms and Acronyms”.
I asked the panelist the following questions:
How important do you think wireless IDS/IPS functionality is in an enterprise WLAN? What do you think are important features of wireless IDS/IPS systems?
Here is what they had to say…
Jennifer: The need for robust IDS/IPS alerting is essential in enterprise WLANs used in environments where the security of WLAN data is of import, or may be required by law. Generating a baseline of WLAN usage, and implementing periodic auditing could mitigate the impact of a data breach, or prevent a repeat of the 2007 T. J. Maxx data theft incident. Implementing a WIPS/WIDS system is usually one of many steps toward HIPAA or PCI compliance. The ability of the WIPS/WIDS system to determine if a rogue AP is connected to the enterprise network is especially beneficial when determining the real threat of the rogue device.
Keith: I agree with Jennifer’s initial description of the value of a wireless IDS/IPS system. I too have noticed the initial value of a WIDS is in the area of security. Being able to configure the correct security alarms for the intrusions your company cares about is paramount. A WIDS straight out of the box will give hundreds, if not thousands of alarms. The first step should be to correctly choose and configure the alarms your firm cares about tracking. Then build the proper response to those alarm triggers, i.e. document the remediation process for each alarm. As you clear each alarm category, then slowly add more alarms to the WIDS system until you get to where your firm wants to be.
In my clients, they purchase a WIDS for security – but then received the best ROI based on the performance alarms and learning to better adapt the performance characteristics of their Wireless LAN – thus getting double, triple or higher throughput increases. Yes, the security is important, but a great WIDS/WIPS should also help you to troubleshoot and ‘tweak’ your Wireless LAN as well.
Joel: Wireless IDS/IPS is important because, for any establishment that accepts credit cards, PCI DSS compliance requires it. Customers who don’t accept credit cards should still implement WIDS/WIPS so they are aware of security threats and can take steps to reduce or eliminate rogue devices. In my opinion, it is more important to do continual monitoring rather than just periodic monitoring, as required by PCI DSS.
The most important feature, after detecting rogues, is the ability to produce meaningful reports so that management can understand what needs to be done to properly, quickly, and legally deal with those rogue devices.
What do YOU think? Let our panel know by submitting a comment!
- Wi-Fi Masterminds
- Price of Wireless IDS/IPS
- Super Tuesday Poll – Wireless IDS/IPS
- Wireless IDS/IPS Post on CWNP.com