A wide variety of these products stands ready to help identify and troubleshoot security and performance issues related to wireless technology. However, based on our tests of a range of these solutions, we believe companies should carefully assess their wireless security needs because their existing infrastructure devices may already fulfill them.
Wireless IDS solutions range from handheld products that are designed for on-the-spot troubleshooting at a point in time, to capabilities integrated into existing access points and managing switches, to distributed fleets of sensors that provide round-the-clock coverage.
Defensive overlay products enable a host of security and performance monitoring capabilities and have strong policy options that alert administrators to any signs of trouble. Defensive overlay network vendors are rapidly adding features that not only alert but also can be configured to isolate and block wayward connections over the wire or over the air.
Despite recent reports of vulnerabilities in the RADIUS (Remote Authentication Dial-In User Service) authentication mechanism upon which 802.11i is based, 802.11i goes a long way toward equalizing the security of known, managed devices on wireless networks and on wired ones. 802.11i does so by delivering strong standard;s-compliant encryption via AES (Advanced Encryption Standard) and port-based 802.1x authentication to WLANs (wireless LANs). [Editors note Also look to 802.1x]
However, many threats remain outside the scope of 802.11i, including access points and client nodes that are loosely maintained (or are completely outside IT’s control). Employees installing their own unsecured access points on a corporate network leave a wide-open vector for LAN attacks that bypass network firewalls and wireless security measures implemented by IT. And misconfigured and unsecured client devices also represent a significant threat. With the proliferation of WLAN hot spots and wireless devices in the home, users are leveraging their wireless connections in a multitude of locations.
In tests, eWEEK Labs has encountered interesting results from a misconfigured client bridging the internal wired network and an unknown wireless network.
http://www.eweek.com/article2/0,1759,1633282,00.asp