HAWTHORNE, N.Y., June 17, 2002 -- IBM Research has demonstrated
the industry's first self- diagnostic tool that can automatically
monitor 802.11 wireless networks and report security problems in
real-time. The Distributed Wireless Security Auditor (DWSA), which
runs on desktop and laptop computers, can monitor wireless network
security and report to the central back-end servers minute by
minute, 24 hours a day, seven days a week.
IBM researchers introduced its first version, the Wireless
Security Auditor (WSA) last summer, which runs on a small wireless
PDA running Linux. IBM Global Services quickly developed a specific
services offering that deploys software tools, including the WSA,
to help customers safeguard and perform risk assessments of their
wireless networks. Researchers have now extended the tool, making
it more autonomic by adding self-sensor and self-diagnosis
features. Running as a lightweight process on wireless clients in
an enterprise, DWSA can quickly report wireless infrastructure
security issues to system administrators.
"As 802.11 wireless networks have become more popular, their
security has to be checked frequently to ensure they are still
secure," says Dave Safford, manager of Global Security Analysis Lab
at IBM Research. "Our self-diagnostic tool takes advantage of the
many wireless clients already out there by having them continuously
monitoring the security of the wireless network and reporting
anomalies to a central server, all without human intervention."
The DWSA system, which runs on Linux on desktops and laptops,
can accurately pinpoint the location of any rogue access points,
enabling network personnel to quickly find and then fix or remove
them, unlike other wireless auditors that require personnel to
perform time consuming physical searches by walking around the
site. DWSA locates rogue access points based on signal strength
measurements by the wireless hardware on the distributed clients.
The signal strengths vary with the distance from the rogue, and can
be used to estimate the actual distance. As long as at least three
client machines report the signal strength of the rogue, their
reports can be used by the system to calculate the access point
location using the estimated ranges and simple geometry. The
Windows version will be ready shortly.
Existing security for 802.11 wireless consists of two
subsystems: a data encryption technique called Wired Equivalent
Privacy (WEP) and an authentication method, either Shared Key or
802.1x. Both the encryption and authentication are optional, and
wireless access points are typically shipped with both turned off.
Wireless network security needs to be checked frequently since
employees can easily add new wireless devices, which may become
easy access points for hackers. This tool allows system
administrators at the central location to find what access points
exist and examine their configuration remotely so that they can
take proper steps to keep the wireless network secure.
DWSA acts as an extension of IBM's security consulting team by
continuously monitoring customers' wireless systems so they can
enjoy the benefits of wireless technology with the security of
wireline computing. In addition, a new wireless risk assessment
offered by IBM Global Services for WLANs uses a combination of
tools, techniques and methodology to help customers evaluate their
security posture. As part of a full family of wireless services,
the Wireless Security Auditor for LANs is used by IBM consultants
to detect wireless access points that do not have the appropriate
security. A set of recommendations are sent to the customer, as
well as a proposal to address security issues detected. These
recommendations go beyond the simple technology and cover processes
and security policies as well.
IBM Tivoli Risk Manager continues to expand on its vulnerability
management capabilities by extending its support to wireless
network vulnerability management based on the DWSA. IBM Tivoli Risk
Manager monitors output of the DWSA and other security checkpoints
giving administrators a complete view of e-business security
exposures, intrusions and wireless network vulnerability.
The wireless security tool was developed in collaboration with
the IBM Personal Computing Division, which is investigating the
potential of including it on future ThinkPad models. ThinkPads are
already equipped with built-in 802.11b wireless networking
For further information on DWSA, visit to
www.research.ibm.com/gsal/dwsa. Further information on IBM Research
can be found at: www.ibm.com/research.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.