November 2004

Policing the Airwaves

3 wireless IDSs tell you who's on your network

Red-Detect 3.6
The Red-M product line is a set of components that you can purchase individually to fit your needs. For example, Red-M's Red-Alert PRO sensors can operate independently of Red-M's Red-Detect management server. You can manage the sensors with a Web browser, or they can use SNMP to report to any network management software, including the Red-Detect management server.

The Red-Detect management server is based on Red Hat Linux and comes preloaded on a minitower computer. The Red-Detect management console runs on Windows and can connect to one Red-Detect management server to manage that server's associated sensors. If your environment requires more than one Red-Detect server and you want to be able to manage more than one server at a time, or if you want in-depth reporting capabilities, you'll need Red-M's Red-Vision management add-on package. Red-Vision is probably a must-have for larger enterprise installations. Red-M didn't provide Red-Vision for my review.

To set up the Red-Detect server with the typical IP address and password parameters, you must use a crossover Ethernet cable. You also need to install the Red-Detect console application on a workstation; the console then lets you contact the Red-Detect server to manage the server, the sensors, and the wireless network monitoring parameters. The Red-Alert PRO sensors have no serial interface, so I had to configure a workstation to have an IP address on the same default network as the sensors would use, then reconfigure the sensors with an address on the network and tell them the address of the Red-Detect management server. Alternatively, the sensors can use DNS queries to find the management server.

Once the server and sensors were online and communicating, I could use the Red-Detect console application on my workstation for monitoring and management. As Figure 3 shows, the Red-Detect console uses a typical treeview layout like AirDefense and AirMagnet, but the information that Red-Detect's interface displays isn't nearly as extensive or detailed. The interface's simple design and capabilities made it easy to navigate and use for configuration and monitoring; however, the online Help lacks context sensitivity and detail.

Red-Detect sends alerts only via SNMP, so you need a third-party SNMP solution if you don't want to sit in front of the console watching for problems. Unlike AirDefense and AirMagnet, Red-Detect doesn't provide any means of establishing policies for use in monitoring. Instead, the product relies on a variety of predefined event types that trigger logging and SNMP traps. For example, the product can track rogue devices, intrusion attempts, probing, wireless attacks, and an assortment of other activities. But the console and sensors couldn't tell me when an AP and client station weren't using encryption.

As you can see in Figure 3, Red-M provides some basic graphical reporting features, which can be useful. You can change the layout from bar graph to line graph and save the graphs to disk, but Red-M has no other built-in reporting facilities, so, for example, you can't generate printed reports unless you purchase Red-Vision.

One particularly interesting Red-Alert PRO feature is that in addition to monitoring 802.11a, 802.11b, and 802.11g networks, the Red-Alert PRO probes can monitor Bluetooth devices. Another attractive feature is the way the solution handles countermeasures against potential intruders. Like AirDefense and AirMagnet, Red-Detect can launch DoS attacks against intruders. An administrator must manually initiate the countermeasure, and after a configurable period of time (as many as 10 minutes) has elapsed, the DoS countermeasure stops automatically. This approach prevents a situation in which an administrator might forget to stop countermeasure activity.

Red-Detect 3.6
Contact: Red-M * 703-744-1445
Web: http://www.red-m.com
Price: $8995 for Red-Detect SOHO Server, which can monitor four sensors and includes management server and four probes; $9995 for Red-Detect Server, which can monitor unlimited sensors and includes management server and four probes; countermeasures cost $3000 extra per server
Summary
Pros: Hardened server platform; monitors 802.11a, 802.11b, 802.11g, and Bluetooth; easy to install and configure; easy-to-use management interface
Cons: No way to establish policies; limited alerting capabilities; Red-Detect Server has only basic management and reporting capabilities—Red-Vision management and reporting cost extra; countermeasures cost extra; sparse online Help
Rating: 3 out of 5
Recommendation:
Red-M is a far more expensive solution for midsized and large businesses, but small businesses can benefit from the pricing model. Without its pricey Red-Vision and countermeasure add-ons, Red-M is inferior to its competitors.


A Buying Decision
All three products are designed for enterprise-size networks. However, if your small business needs only a few sensors and you want a standalone hardware-based solution to monitor your environment, Red-M's products are the best solution of the three for you because the Red-Alert PRO sensors, priced at $300 each, can operate without a management server.

If you have a midsized or large enterprise and you need to monitor a variety of sites and hardware platforms, consider the functionality offered by each of the three products to determine your needs and total cost of ownership (TCO). If you prefer a software-based solution that can run on your own hardware, AirMagnet is the clear choice because you can install its sensor software on any system that has a supported wireless network card. If you prefer a turnkey solution that includes a preconfigured server platform, then consider AirDefense. You can use AirDefense's Java-based management console on any Java-enabled platform, whereas the AirMagnet and Red-M management consoles operate only on Windows.

If your decision depends heavily on price, be aware that for midsized and large enterprises that need countermeasures and good reporting capabilities, Red-M's solution is the most expensive of the three. AirDefense's and AirMagnet's base packages are superior to Red-M's. Countermeasures are built into AirDefense and AirMagnet but are a $3000 add-on to a Red-M solution. You also pay extra to get in-depth reporting capabilities from Red-M.
