Archive for the ‘WIDS’ Tag

Importance of WIDS/WIPS (Wi-Fi Masterminds)

This is the first in a series of posts that I am dubbing “Wi-Fi Masterminds” (TM). I will ask questions to a series of panelists and they will answer in round-robin fashion, where they can answer the question as well as respond to others.

If you have ever seen the show “Around the Horn” on ESPN, that is the type of interaction I am looking for.

I am planning on a pool of 6-8 masterminds, bit will limit each question to a panel of three members. I will try to minimize my own involvement in the questions to only provide structure where needed or correct any factual errors.

Without further delay, let’s meet today’s panelists, shall we?  They are… 

jennifer Jennifer Huber CCNP, RFID+, CWNE #51  @jenniferlucille  — Jennifer has over 8 years of  experience in the networking and wireless engineering industry. She has a solid background in  supporting, designing, deploying, and troubleshooting 802.11a/b/g/n Enterprise wireless    installations, as well as the ability to take complex information and explain problems and solutions in  terms that are easily understood. 

keith Keith R. Parsons, CWNE #3:  – @keithparsons — A gifted  presenter, Keith is known for his wit and broad technical expertise. He holds over 50 technical  certifications and has earned an MBA from the Marriott School of Management. He is author (or editor) of a  dozen technical publications and has developed seven technical certification programs. He travels  throughout North America, Europe, Africa, Asia and Australia in behalf of a wide variety of IT vendors,  explaining networking technology to industry professionals.

joel Joel Barrett, CWNP#6: @joelbarrett  —  Joel Barrett is a senior-level wireless networking architect  with Cisco Systems. Joel consults primarily with large enterprise customers concerning complex  wireless deployments. He is an author of wireless industry books and lexicographer for “The Official  CWNP Dictionary of Wireless Terms and Acronyms”.


I asked the panelist the following questions:

How important do you think wireless IDS/IPS functionality is in an enterprise WLAN?  What do you think are important features of wireless IDS/IPS systems? 

Here is what they had to say… 

Jennifer:  The need for robust IDS/IPS alerting is essential in enterprise WLANs used in environments where the security of WLAN data is of import, or may be required by law.  Generating a baseline of WLAN usage, and implementing periodic auditing could mitigate the impact of a data breach, or prevent a repeat of the 2007 T. J. Maxx data theft incident.  Implementing a WIPS/WIDS system is usually one of many steps toward HIPAA or PCI compliance.  The ability of the WIPS/WIDS system to determine if a rogue AP is connected to the enterprise network is especially beneficial when determining the real threat of the rogue device.

Keith:  I agree with Jennifer’s initial description of the value of a wireless IDS/IPS system. I too have noticed the initial value of a WIDS is in the area of security. Being able to configure the correct security alarms for the intrusions your company cares about is paramount. A WIDS straight out of the box will give hundreds, if not thousands of alarms. The first step should be to correctly choose and configure the alarms your firm cares about tracking. Then build the proper response to those alarm triggers, i.e. document the remediation process for each alarm. As you clear each alarm category, then slowly add more alarms to the WIDS system until you get to where your firm wants to be. 

In my clients, they purchase a WIDS for security – but then received the best ROI based on the performance alarms and learning to better adapt the performance characteristics of their Wireless LAN – thus getting double, triple or higher throughput increases. Yes, the security is important, but a great WIDS/WIPS should also help you to troubleshoot and ‘tweak’ your Wireless LAN as well.

Joel: Wireless IDS/IPS is important because, for any establishment that accepts credit cards, PCI DSS compliance requires it. Customers who don’t accept credit cards should still implement WIDS/WIPS so they are aware of security threats and can take steps to reduce or eliminate rogue devices. In my opinion, it is more important to do continual monitoring rather than just periodic monitoring, as required by PCI DSS.

The most important feature, after detecting rogues, is the ability to produce meaningful reports so that management can understand what needs to be done to properly, quickly, and legally deal with those rogue devices.

What do YOU think?  Let our panel know by submitting a comment! 

Related Posts: 


Price of Wireless IDS/IPS

I realize that it has been almost a week since I posted new content on  – don’t despair!   Over the last week, I wrote two guest posts for other notable blogs.  

Last Wednesday, I made another post to my Computerworld blog (“Cautiously Cutting the Cord”) entitled “RSA Inspired Thoughts on Wireless Security”.  The post spoke about different Wireless Intrusion Detection System (WIDS) designs.  I just started blogging for Computerworld last month and that is my third post – please visit those posts, Digg them (if you think they are worthy), and comment – I love the conversations generated by comments! 

Last Thursday, I wrote a blog post on addressing pricing concerns of 802.11n networks.  The article had sections outlining the costs and benefits of 802.11n networks.  It even had a section titled “WWWBD? (What Would Warren Buffett Do?).  

I was actually going to summarize these posts on over the weekend, but I ran into a technical difficulty. I originally typed out this post using the WordPress application for my iPhone while on a flight from Phoenix to Seattle. Since I was on a flight, I had to save it in the “local drafts” folder of the iPhone app.  However, when I went back to publish the post, the information wasn’t there! I Googled the issue, and found out that this was a known (and fairly common) issue with the iPhone application for WordPress.  The recommended “fix” was to uninstall and reinstall the application. While this method didn’t allow me to recover the data I had already drafted, it did seem to remedy the issue.  Just to be sure, I wrote a test post, saved it to the local drafts, and came back later and pushed it to the WordPress website.

Lastly, if you can’t get enough discussion of RSA, WIDS/WIPS, and Pricing, you can check out Joanie Wexler’s Network World article on “How intrusion prevention costs compare”.  Happy reading!