The addition of WiFi networks, sometimes known as wireless LANs (WLANs), in a corporate environment can introduce a whole new class of threats for network security. Rogue access points can be installed by employees fairly easily and, because of their relatively small size, can be tucked away in corners and eventually forgotten. However, easy installation often translates to low security, especially for those whose full-time job isn’t security related. These rogue access points probably don’t adhere to corporate network security policies and therefore can introduce vulnerabilities into otherwise reasonably well-protected networks. If you’ve ever wondered what’s traveling over the WiFi airwaves around your office, wanted to ensure that your WiFi network was performing well, or needed to know if any rogue devices were lurking on your WiFi network, Fluke Networks’s AirMagnet WiFi Analyzer Pro might be just the tool for you.
This management software requires at least one WiFi interface device from the vendor’s approved list that isn’t currently operating as a live WiFi device. This device is used as an observer of traffic in the WiFi spectrum. The device can be installed on a desktop station to observe the traffic from a fixed location, or it can be attached to a roving laptop computer to check the WiFi network at different locations throughout the building or campus. A license for each listening device is required for AirMagnet WiFi Analyzer Pro. Although the list of approved devices is currently somewhat limited, it might improve in time. I connected a USB WiFi device to my Windows 7 desktop system for testing.
AirMagnet WiFi Analyzer Pro has a handy dashboard view that shows signal strength for each of the WiFi channels in the 2.4GHz and 5GHz bands for 802.11a/b/g/n networks; a channel utilization graph; and charts showing “top talkers,” SSIDs by utilization, active device type, and more. From the main screen, you can also get a comprehensive list of all devices or subset lists of just the access points, individual stations, and ad hoc networks.
For my tests, I used my organization’s own 802.11g and 802.11n access points and devices; I was also able to show activity from other nearby WiFi networks. In addition, in the views for devices, access points, and stations, I was able to place alias names on known devices and classify others as rogue devices. This let me quickly identify known devices on my organization’s networks, as well as ensure that rogue devices weren’t attempting network access. AirMagnet WiFi Analyzer Pro not only shows the devices on the networks but also indicates which access points (SSID) they’re using.
I like the device lists’ color coding, which indicates how recently devices have been active: green for currently active (within the past 5 seconds), yellow for activity within 5 to 60 seconds, red for activity within 60 to 300 seconds, and gray for activity more than 300 seconds (5 minutes) old. You can sort the lists by any of the columns, which lets you check by time of activity, signal strength, SSID being accessed, and so on. You can also filter the views by several criteria, to help manage large networks.
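The triage workflow described above (aliases for known devices, rogue classification, and activity-age color coding), as an added Python example that is not AirMagnet's code or part of the original review. The rogue heuristic, SSIDs, alias names, and MAC addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Activity-age colors from the review: (upper bound in seconds, color).
AGE_BUCKETS = [(5, "green"), (60, "yellow"), (300, "red")]

@dataclass
class Observation:
    mac: str          # transmitter address seen by the monitoring adapter
    ssid: str         # SSID the device is using
    encrypted: bool   # whether its traffic is protected by encryption
    last_seen: float  # epoch seconds of the most recent frame

def age_color(age_seconds):
    """Map seconds since last activity to the list color; older than 300 s is gray."""
    for limit, color in AGE_BUCKETS:
        if age_seconds <= limit:
            return color
    return "gray"

def classify(observations, known_aliases, corporate_ssids, now):
    """Return (label, status, color, findings) rows, most recently active first."""
    rows = []
    for ob in sorted(observations, key=lambda o: now - o.last_seen):
        alias = known_aliases.get(ob.mac.lower())
        findings = []
        if alias:
            status = "known"
        elif ob.ssid in corporate_ssids:
            # Assumed heuristic: an unlisted device on a corporate SSID is a rogue candidate.
            status = "rogue"
        else:
            status = "unclassified"  # e.g. a nearby network; left for manual review
        if status != "unclassified" and not ob.encrypted:
            findings.append("no encryption")
        rows.append((alias or ob.mac.lower(), status, age_color(now - ob.last_seen), findings))
    return rows

# Constructed sample data (locally administered MAC addresses, hypothetical names).
NOW = 1000.0
KNOWN = {"02:00:00:00:00:01": "lobby-ap", "02:00:00:00:00:02": "lab-ap"}
SAMPLE = [
    Observation("02:00:00:00:00:02", "CorpNet", True, 100.0),
    Observation("02:00:00:00:00:99", "CorpNet", False, 970.0),
    Observation("02:00:00:00:00:42", "CafeGuest", False, 880.0),
    Observation("02:00:00:00:00:01", "CorpNet", True, 997.0),
]

if __name__ == "__main__":
    for row in classify(SAMPLE, KNOWN, {"CorpNet"}, NOW):
        print(row)
```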
AirMagnet WiFi Analyzer Pro provides signal-to-noise and signal-strength graphs for each WiFi channel. To show WiFi activity, I downloaded data from websites, created file shares between Windows 7 laptop computers, transferred files between systems over the air, and measured the results. You can perform traffic analysis by access point, top 10 stations, top 10 channels, and top 10 devices. You can further organize the results by various criteria. The report in Figure 1 shows the top 10 devices by speed. The chart shows the speed of data transfer, indicating how many bytes were transferred at which speed level.
Figure 1: AirMagnet WiFi Analyzer Pro traffic analysis report
The software also provides alarm reports and compliance reports for various regulations. AirMagnet’s alarm reports show activity that exceeds various thresholds. The compliance reports can help with HIPAA, Gramm-Leach-Bliley, Sarbanes-Oxley, Department of Defense (DoD) Directive 8100.2, FISMA, Basel II, ISO 27001 compliance, and more.
AirMagnet WiFi Analyzer Pro reports on dozens of security risks or potential security risks, including devices not protected by encryption, rogue devices, and more. In my file transfer tests, the software was able to detect the file transfers by noting the large number of Clear-to-Send (CTS) signals being transmitted.
Regardless of whether you’re working in a large corporate environment or a small business environment, software for managing your WiFi networks is a good investment. AirMagnet WiFi Analyzer Pro helps you monitor your network traffic and ensure that the network is performing well, and it alerts you to any rogue devices.