Linux Today: Linux News On Internet Time.

More on LinuxToday

PR: IBM Debuts First Self-Diagnostic Wireless Security Tool on Linux

Jun 17, 2002, 13:00 (4 Talkback[s])


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

HAWTHORNE, N.Y., June 17, 2002 -- IBM Research has demonstrated the industry's first self- diagnostic tool that can automatically monitor 802.11 wireless networks and report security problems in real-time. The Distributed Wireless Security Auditor (DWSA), which runs on desktop and laptop computers, can monitor wireless network security and report to the central back-end servers minute by minute, 24 hours a day, seven days a week.

IBM researchers introduced its first version, the Wireless Security Auditor (WSA) last summer, which runs on a small wireless PDA running Linux. IBM Global Services quickly developed a specific services offering that deploys software tools, including the WSA, to help customers safeguard and perform risk assessments of their wireless networks. Researchers have now extended the tool, making it more autonomic by adding self-sensor and self-diagnosis features. Running as a lightweight process on wireless clients in an enterprise, DWSA can quickly report wireless infrastructure security issues to system administrators.

"As 802.11 wireless networks have become more popular, their security has to be checked frequently to ensure they are still secure," says Dave Safford, manager of Global Security Analysis Lab at IBM Research. "Our self-diagnostic tool takes advantage of the many wireless clients already out there by having them continuously monitoring the security of the wireless network and reporting anomalies to a central server, all without human intervention."

The DWSA system, which runs on Linux on desktops and laptops, can accurately pinpoint the location of any rogue access points, enabling network personnel to quickly find and then fix or remove them, unlike other wireless auditors that require personnel to perform time consuming physical searches by walking around the site. DWSA locates rogue access points based on signal strength measurements by the wireless hardware on the distributed clients. The signal strengths vary with the distance from the rogue, and can be used to estimate the actual distance. As long as at least three client machines report the signal strength of the rogue, their reports can be used by the system to calculate the access point location using the estimated ranges and simple geometry. The Windows version will be ready shortly.

Existing security for 802.11 wireless consists of two subsystems: a data encryption technique called Wired Equivalent Privacy (WEP) and an authentication method, either Shared Key or 802.1x. Both the encryption and authentication are optional, and wireless access points are typically shipped with both turned off. Wireless network security needs to be checked frequently since employees can easily add new wireless devices, which may become easy access points for hackers. This tool allows system administrators at the central location to find what access points exist and examine their configuration remotely so that they can take proper steps to keep the wireless network secure.

DWSA acts as an extension of IBM's security consulting team by continuously monitoring customers' wireless systems so they can enjoy the benefits of wireless technology with the security of wireline computing. In addition, a new wireless risk assessment offered by IBM Global Services for WLANs uses a combination of tools, techniques and methodology to help customers evaluate their security posture. As part of a full family of wireless services, the Wireless Security Auditor for LANs is used by IBM consultants to detect wireless access points that do not have the appropriate security. A set of recommendations are sent to the customer, as well as a proposal to address security issues detected. These recommendations go beyond the simple technology and cover processes and security policies as well.

IBM Tivoli Risk Manager continues to expand on its vulnerability management capabilities by extending its support to wireless network vulnerability management based on the DWSA. IBM Tivoli Risk Manager monitors output of the DWSA and other security checkpoints giving administrators a complete view of e-business security exposures, intrusions and wireless network vulnerability.

The wireless security tool was developed in collaboration with the IBM Personal Computing Division, which is investigating the potential of including it on future ThinkPad models. ThinkPads are already equipped with built-in 802.11b wireless networking capability.

For further information on DWSA, visit to www.research.ibm.com/gsal/dwsa. Further information on IBM Research can be found at: www.ibm.com/research.

Related Stories: