IBM unveils wireless IDS service

Citing the "explosion" of wireless hotspots in public spaces, homes and businesses, IBM Corp. on Wednesday unveiled a new managed IDS (intrusion detection service) targeted at wireless networks.

The new wireless intrusion detection service uses "sniffing" technology developed by IBM that can detect the presence of unauthorized ("rogue") access points, denial of service attacks, improperly configured access points and compromised Wired Equivalent Privacy (WEP) encryption keys, according to Jim Goddard, security principal at IBM Global Services.

The new service relies on a network of Linux appliances that act as wireless sensors and are deployed similar to wireless access points within an office, Goddard said.

"They look like fuse boxes mounted on the wall," Goddard said.

The sensors monitor wireless network activity using wireless attack signatures developed by IBM. Warnings about possible attacks are relayed to a Tivoli Risk Manager console at an IBM Global Services operations center in Boulder, Colorado, Goddard said.

That center operates 24 hours a day, seven days a week and allows customers to respond quickly to wireless attacks, he said. Because wireless attackers must be within range of access points to launch an attack, that response might involve summoning security guards to intercept someone who is reconnoitering wireless access points on a corporate campus or trying to compromise a company's wireless infrastructure.

"The technology is doing the same thing that IDS has done for a long time, but the response is different. With a wireless attack, you could be talking about somebody in a parking lot outside the corporate headquarters as opposed to 10,000 miles away with a traditional (Internet) attack," Goddard said.

Customers will receive daily reports that summarize wireless security events, as well as monthly trend analysis reports from IBM, Goddard said.

IBM became attuned to wireless security issues after hearing complaints from many of its managed services customers.

"In our managed environments, this has already become an issue. There's this sense that wireless networks need protection, but that it should be integrated with an overall managed plan," he said.

The Armonk, New York company will be marketing the new wireless IDS service to companies of all sizes that need to lock down wireless networks. The service may also appeal to companies opposed to introducing wireless technology, preventing employees from setting up their own wireless access points in cubicles, Goddard said.

Customers do not need to be using Tivoli or have an existing relationship with IBM Global Services to take advantage of the new service, but will need to have the network of wireless sensors installed as well as a device to collect data inputs from the wireless sensors and forward them to IBM's monitoring facility, Goddard said.

IBM is not alone in the wireless security space, and its wireless IDS service still lacks many features offered by other, albeit smaller, competitors.

For example, AirDefense Inc. of Atlanta already sells a wireless IDS product. Like IBM's new service, AirDefense's system relies on a distributed network of sensors that monitor wireless access points and spot emerging attacks.

Whereas IBM's wireless IDS service can spot compromised or misconfigured access points, the latest edition of the AirDefense system can actually shut them down remotely.

AirDefense's technology also supports a wider range of wireless standards than IBM, including 802.11a, b and g wireless protocols and the WPA (Wi-Fi Protected Access) encryption standard. IBM's system just supports the common 802.11b standard and WEP (Wired Equivalent Privacy) encryption, according to Goddard.

IBM is working to integrate support for 802.11a and 802.11g as well as encryption standards like WPA and Cisco System Inc.'s LEAP (Extensible Authentication Protocol), but will not be able to offer it before the first quarter of 2004, Goddard said.

Intrusion prevention features that enable customers to shut down access points are also in the works, but not target date is available for those features, he said.

The wireless IDS service is available immediately. Companies must pay a one time US$30,000 fee to set up the wireless sensor network. Annual support subscriptions cost $50,000, Goddard said.

The market for wireless security products and services like IBM's wireless IDS is still in its infancy, according to Laura Koetzl, senior analyst at Forrester Research Inc.

However, there is already enough interest in wireless networks among companies in high-tech, financial services, health care and manufacturing to provide a steady stream of consulting revenue for IBM from the wireless IDS service, she said.

Many of those companies are eager to deploy widespread wireless networks on corporate campuses and within office buildings, but are reluctant to because of the security issues that surround the current generation of wireless LAN technology and fears about intrusions and the loss of critical data, she said.

IBM's new service may appeal to those companies, which often lack the staff and expertise to be able to audit their own wireless LANs, she said.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies