networking-forum.com

All times are UTC - 6 hours [ DST ]



 Post subject: Wireless IDS systems?
Posted: Wed Aug 01, 2012 12:24 pm
Ultimate Member

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
Folks-

Looking for some suggestions for Wireless Intrusion Detection systems.

We are in an environment that disallows WiFi entirely- to meet security specs, we need to have sensors to actively examine our network for rogue WiFi points.

Anyone have suggestions? We prefer to stay with CISCO, as we're a Cisco shop.


Posted: Wed Aug 01, 2012 12:29 pm
Member

Joined: Tue Jul 14, 2009 11:59 pm
Posts: 222
Certs: CCENT
Segment off some Cisco access points and put them in Rogue AP Detection mode? They won't broadcast any wireless but you can take a peek and see what's out there.


Posted: Wed Aug 01, 2012 1:04 pm
Ultimate Member

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
Seems like a possibility... keep 'em coming folks..


Posted: Wed Aug 01, 2012 1:10 pm
Post Whore

Joined: Thu Apr 29, 2010 6:12 pm
Posts: 2067
Location: Texas
Certs: CCNP, CCDP, CCIP
We are in the same boat. No cell phones, limited plant wifi.

We have several that are being deployed/tested right now. I don't get much if any hands-on with them but our security team seems to like them. AirPatrol I think has some functionality to control signals, but I can be wrong.

Motorola AirDefense
AirPatrol
Aruba WIDS

_________________
http://blog.movingonesandzeros.net/


Posted: Wed Aug 01, 2012 1:28 pm
Ultimate Member

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
That1:

Any chance you can put me in touch with one of the guys on the assessment team, back-channel, so I can get a feel for what he's doing with these?

Not looking for OpSec info, not trying to socially engineer you... :) ... just want to send an email or two to talk to someone who's using the tech and get their feelings for it...


Posted: Wed Aug 01, 2012 1:35 pm
Post Whore

Joined: Thu Apr 29, 2010 6:12 pm
Posts: 2067
Location: Texas
Certs: CCNP, CCDP, CCIP
Sorry, I can't.

The Motorola WIDS, I'm working on the deploy and am in the process of transferring ownership from me to the security team. I might be able to answer some questions for you but the ins and outs of what we are doing I can't really talk about.

Sorry

_________________
http://blog.movingonesandzeros.net/


Posted: Wed Aug 01, 2012 1:39 pm
Ultimate Member

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
Not looking for operational details. I know better than that... :)

Just basically - does the product have the ability to report to a syslog server, send SNMP traps, alert via email and/or text message?

We don't need anything super fancy... something meeting the above ought to make us very happy.


Posted: Wed Aug 01, 2012 1:45 pm
Post Whore

Joined: Thu Apr 29, 2010 6:12 pm
Posts: 2067
Location: Texas
Certs: CCNP, CCDP, CCIP
Yeah, all three provide alerts. I'm not sure if all/any will kick out emails but I know they will send traps and syslog messages. You can also integrate them with your NMS for more detailed alerting.

You gov?

_________________
http://blog.movingonesandzeros.net/


Posted: Wed Aug 01, 2012 2:04 pm
Ultimate Member

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
What would give you that idea?


Posted: Wed Aug 01, 2012 2:09 pm
Post Whore

Joined: Thu Apr 29, 2010 6:12 pm
Posts: 2067
Location: Texas
Certs: CCNP, CCDP, CCIP
I've never seen an environment that restricts to the point of needing to monitor wifi space outside of Government. I could be wrong though.

_________________
http://blog.movingonesandzeros.net/


Posted: Wed Aug 01, 2012 2:10 pm
Ultimate Member

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
I have very paranoid clients, to one degree or another...

Hell, they take after me... ;P


Posted: Wed Aug 01, 2012 2:21 pm
Post Whore

Joined: Tue Aug 21, 2007 2:15 pm
Posts: 8265
Location: Frederick MD
Certs: Instanity
The Cisco WLCs have rogue detection; they'll transmit out a signal to block the rogue access point.

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw


Posted: Wed Aug 01, 2012 3:28 pm
Ultimate Member

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
Hmmm, we actually are looking more for monitoring instead of active suppression. There are systems here that use this part of the spectrum as well and are actually more of a "Prime user" of that spectrum (i.e., not subject to Part 15 compliance, so anything interfering with them wouldn't be welcome).


Posted: Wed Aug 01, 2012 3:49 pm
Member

Joined: Tue Jul 14, 2009 11:59 pm
Posts: 222
Certs: CCENT
DieselJeeper wrote:
Hmmm, we actually are looking more for monitoring instead of active suppression. There are systems here that use this part of the spectrum as well and are actually more of a "Prime user" of that spectrum (i.e., not subject to Part 15 compliance, so anything interfering with them wouldn't be welcome).


With the Cisco WLC then just turn off the auto-containment feature. It will alert you and send emails or SNMP traps of the event and tell you when a rogue wireless device is broadcasting. I get lovely alerts all day from mine from people tethering their phones to even a local Utah train that has wifi built in that drives by one of my buildings. Works great. I'm using a Cisco 5508 w/ Prime NCS.


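Added example, not part of the thread and not Cisco's or any other vendor's code: one way to triage monitor-only rogue-AP sightings in a no-WiFi site, so that a passing train or a briefly tethered phone ranks below a radio that stays put and is close to a sensor. The CSV layout, the BSSIDs and SSIDs, and both thresholds are assumptions made up for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: timestamp, sensor, BSSID, SSID, RSSI in dBm.
# The column layout is an assumption, not a WLC or NMS export format.
SAMPLE = """\
2012-08-01T09:00:05,sensor-a,02:00:00:00:00:01,TrainWiFi,-82
2012-08-01T09:00:40,sensor-a,02:00:00:00:00:01,TrainWiFi,-79
2012-08-01T09:05:00,sensor-b,02:00:00:00:00:02,PhoneHotspot,-70
2012-08-01T09:12:00,sensor-b,02:00:00:00:00:02,PhoneHotspot,-60
2012-08-01T09:10:00,sensor-a,02:00:00:00:00:03,linksys,-55
2012-08-01T10:10:00,sensor-b,02:00:00:00:00:03,linksys,-48
2012-08-01T13:30:00,sensor-a,02:00:00:00:00:03,linksys,-51
"""

def triage(rows, min_dwell=timedelta(minutes=30), strong_rssi=-65):
    """Group sightings by BSSID and rank each radio for follow-up.

    min_dwell and strong_rssi are illustrative thresholds (assumptions);
    tune them against what the sensors normally hear at the site.
    """
    seen = defaultdict(list)
    for ts, sensor, bssid, ssid, rssi in csv.reader(io.StringIO(rows)):
        seen[bssid.lower()].append(
            (datetime.fromisoformat(ts), sensor, ssid, int(rssi)))
    report = {}
    for bssid, hits in seen.items():
        times = [h[0] for h in hits]
        dwell = max(times) - min(times)      # how long it has been heard
        peak = max(h[3] for h in hits)       # strongest signal seen
        if dwell >= min_dwell and peak >= strong_rssi:
            verdict = "investigate"          # persistent and close by
        elif dwell >= min_dwell or peak >= strong_rssi:
            verdict = "watch"                # one of the two signals only
        else:
            verdict = "transient"            # brief and weak, e.g. drive-by
        report[bssid] = {"ssid": hits[0][2], "dwell": dwell,
                         "peak_rssi": peak, "verdict": verdict,
                         "sensors": sorted({h[1] for h in hits})}
    return report

if __name__ == "__main__":
    for bssid, r in triage(SAMPLE).items():
        print(bssid, r["ssid"], r["verdict"], r["dwell"],
              r["peak_rssi"], r["sensors"])
```

The sensor list per BSSID also shows which part of the site to walk first when a radio comes back as "investigate".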
 