September 3, 2010

Fighting intrusions on both sides of the switch


Most agree that in an ideal world, network administrators would operate wired and wireless LANs from a single pane of glass. However, this goal becomes challenging when the protocols of the two networks differ, as with Wi-Fi and Ethernet.

Like multicast and quality-of-service (QoS) functions described in earlier newsletters, intrusion detection and prevention capabilities work differently on the wired and wireless sides of the corporate Ethernet switch.


Wireless intrusion detection and prevention systems (WIDS/WIPS) take a Layer 2 view of Wi-Fi clients and access points (APs). They identify rogue (unauthorized) devices attempting to connect to network resources and watch for possible attacks on the Wi-Fi protocol.

Such attacks might include an attacker instructing a client to disassociate from an AP or to associate with a rogue one.
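As an added illustration (not part of the article), the following Python sketch shows how a Layer 2 WIDS sensor might flag the two cases just described, an unauthorized AP and a burst of deauthentication/disassociation frames, over constructed frame records; the allowlist, sample frames, window and threshold are all assumptions.

```python
from collections import defaultdict

# Hypothetical allowlist of authorized AP BSSIDs (assumed, not from the article).
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

# Constructed sample of 802.11 management frames as a WIDS sensor might log them:
# (seconds, frame subtype, transmitter address, BSSID).
SAMPLE_FRAMES = [
    (0.0, "beacon", "00:11:22:33:44:01", "00:11:22:33:44:01"),
    (0.2, "beacon", "de:ad:be:ef:00:01", "de:ad:be:ef:00:01"),  # unknown AP advertising itself
    (1.0, "deauth", "00:11:22:33:44:02", "00:11:22:33:44:02"),  # single, legitimate deauth
] + [
    # Burst of deauth frames carrying an authorized AP's address: clients are told to leave.
    (2.0 + i * 0.05, "deauth", "00:11:22:33:44:01", "00:11:22:33:44:01") for i in range(8)
] + [
    (9.0, "assoc_req", "aa:bb:cc:dd:ee:ff", "de:ad:be:ef:00:01"),  # client joining the unknown AP
]


def find_rogue_aps(frames, authorized):
    """Return BSSIDs that advertise themselves (beacon) but are not on the allowlist."""
    return sorted({bssid for _, sub, _, bssid in frames
                   if sub == "beacon" and bssid not in authorized})


def find_deauth_floods(frames, window=1.0, threshold=5):
    """Return transmitter addresses that send >= threshold deauth/disassoc frames
    inside any sliding window of `window` seconds (a flood signature)."""
    per_src = defaultdict(list)
    for t, sub, src, _ in frames:
        if sub in ("deauth", "disassoc"):
            per_src[src].append(t)
    flagged = []
    for src, times in per_src.items():
        times.sort()
        start = 0
        for end, t_end in enumerate(times):
            while t_end - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(src)
                break
    return sorted(flagged)


def find_rogue_associations(frames, authorized):
    """Return (client, BSSID) pairs where a client associates with a non-authorized AP."""
    return sorted({(src, bssid) for _, sub, src, bssid in frames
                   if sub == "assoc_req" and bssid not in authorized})
```

A single deauth frame is normal housekeeping; only the burst and the unknown BSSID are flagged.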

And because there is no physical cable, exploits can also occur at the radio-frequency (RF) physical layer (Layer 1), whether intentional or not. RF jammers can cause complete denial of service. Other interferers, such as microwave ovens, wireless video cameras, cordless phones and co-channel interference, may be minor nuisances that don't impact performance, or they might be intrusive enough to topple the WLAN.

Layer 1 monitoring and classification of interfering devices are generally referred to as "spectrum analysis," not WIPS. Spectrum analysis is a performance and troubleshooting function rather than a security function.

On the wired Ethernet side, traditional IDS/IPSs operate at the upper network layers and are focused on security. They ferret out attacks and exploits against IP, applications and operating systems.

Antivirus software on laptops might work in conjunction with IDS/IPS software in WAN access routers, and possibly elsewhere in the wired network, monitoring wired-network traffic flows for malware and suspicious signatures. Once found, the offending traffic can be quarantined or filtered off the network.

The upshot of all this is that though IDS/IPS functions are referred to by similar names, they differ depending on whether they are conducted on the RF or the Ethernet side of the network. For now, that means they must be configured and maintained separately, generally from different management screens.


Joanie Wexler is an independent networking technology writer/editor in Silicon Valley.
