October 08, 2003, 2:27 PM — Citing the "explosion" of wireless hotspots in public spaces, homes and businesses, IBM Corp. on Wednesday unveiled a new managed IDS (intrusion detection service) targeted at wireless networks.
The new wireless intrusion detection service uses "sniffing" technology developed by IBM that can detect the presence of unauthorized ("rogue") access points, denial of service attacks, improperly configured access points and compromised Wired Equivalent Privacy (WEP) encryption keys, according to Jim Goddard, security principal at IBM Global Services.
The new service relies on a network of Linux appliances that act as wireless sensors and are deployed similar to wireless access points within an office, Goddard said.
"They look like fuse boxes mounted on the wall," Goddard said.
The sensors monitor wireless network activity using wireless attack signatures developed by IBM. Warnings about possible attacks are relayed to a Tivoli Risk Manager console at an IBM Global Services operations center in Boulder, Colorado, Goddard said.
That center operates 24 hours a day, seven days a week and allows customers to respond quickly to wireless attacks, he said. Because wireless attackers must be within range of access points to launch an attack, that response might involve summoning security guards to intercept someone who is reconnoitering wireless access points on a corporate campus or trying to compromise a company's wireless infrastructure.
"The technology is doing the same thing that IDS has done for a long time, but the response is different. With a wireless attack, you could be talking about somebody in a parking lot outside the corporate headquarters as opposed to 10,000 miles away with a traditional (Internet) attack," Goddard said.
Customers will receive daily reports that summarize wireless security events, as well as monthly trend analysis reports from IBM, Goddard said.
IBM became attuned to wireless security issues after hearing complaints from many of its managed services customers.
"In our managed environments, this has already become an issue. There's this sense that wireless networks need protection, but that it should be integrated with an overall managed plan," he said.
The Armonk, New York company will be marketing the new wireless IDS service to companies of all sizes that need to lock down wireless networks. The service may also appeal to companies opposed to introducing wireless technology, preventing employees from setting up their own wireless access points in cubicles, Goddard said.
Customers do not need to be using Tivoli or have an existing relationship with IBM Global Services to take advantage of the new service, but will need to have the network of wireless sensors installed as well as a device to collect data inputs from the wireless sensors and forward them to IBM's monitoring facility, Goddard said.