Content

RFprotect Distributed 5

Standard network tools don’t work to detect and monitor your company’s wireless network policy, which is where this product steps in.

The system consists of a central console feeding into the open source Firebird SQL server, and distributed 802.11a/b/g wireless sensors. These have through-ports for PoE, so you can power the sensor and your access point without having to run new cabling.

The sensors and the information they report are configured from the central console, RFprotect. It has a useful Dashboard mode, a bit like on traffic sniffers, so you can get a quick overview of what’s happening on your network.

Getting your hands dirty and configuring the system isn’t for the faint-hearted, as there are lots of options and it is not the most intuitive application. However, it is very thorough and extremely well thought out. Once set up, you can use DHCP and DNS to automate deployment of new sensors, and the default policies are pretty good. You can import floor plans of your building, set the scale and tell it where the sensors are located. When a rogue access point or client is detected, you can triangulate its position using your sensors and have the results shown on your floor plan.

While you’ll only get a rough position, it’s enough that you can take a handheld tool and manually track the device down.

The sensors will detect every wireless device on your network, so you must choose whether they are authorised or not, so it will take a while to get the system running smoothly.

While you can define RFprotect so it just monitors and reports on the state of your network, you can also build-in protection by using UltraShield. This can be triggered by your policy to block rogue devices from communicating. The system is smart enough to track a device’s movements and will automatically reconfigure which sensor should block its transmissions.

A lot of your work will be done in PolicyEnforce, which describes what the system should do when it detects certain events. It’s quite a daunting application, and new rules are fairly difficult to build, so give yourself time to learn the system.

The five default policies cover the majority of what most organisations will want to achieve (such as blocking authorised users from unauthorised APs, and vice versa).

Product title
RFprotect Distributed 5
Product info
Name: RFprotect Distributed 5 Description: Price: sensors start at $399; Starter Pack from $7,999 (five sensors, Threat Protection Engine, one year maintenance); RFprotect Mobile is $3,999 (includes compatible wireless card)
Strength
Very flexible; blocks dangerous and rogue access points.
Weakness
Difficult to get to grips with.
Verdict
Rather daunting when you first use it, but it is actually a highly flexible monitoring and prevention tool.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds