One of the biggest threats a company can face is unauthorised access points being added to its network. These can often go undetected, but open a gaping hole in your company’s defences. WiSentry is designed to detect and monitor for these events and warn you as soon as they happen.
It’s one of the easiest products to install and consists of a master server and remote agents. Detection of access points is done over the wired network, so you might need multiple agents for separate network segments and VLANs.
After installing our server, it detected our US Robotics “rogue” access point in seconds. Detection is based on network traffic that the sensor can see, so it might take a while for an access point to be discovered, particularly if it’s not used a lot.
Each discovery is given a rating based on the probability that it is an access point. The sensor uses a range of different probes to try and confirm an access point, and will drop items that it can rule out.
By default, the software will just list discovered access points, but it won’t do anything with the information. For this to happen, you need to configure alerts. An alert is based on an access point’s percentage rating, so you can escalate the alerts and responses the more certain it gets that a rogue point has been discovered. Options include sending an email, SNMP trap, pop-up message or entering a new log entry. You can manually authorise access points you know are yours, so that you stop getting alerts about them.
Once a rogue access point has been discovered, WiSentry does little to help you remove it, although the SNMP MIB can be integrated with an outside network management tool to take action such as disabling the port.
Because WiSentry is a wired product, no detection tools are built in, and you don’t get any information about the wireless network, such as its ESSID. You’ll also need a secondary detection tool such as NetStumbler to locate the rogue access point and get it off the network.
Other products on test make a much better go of this, and some can even block access to rogue access points by using their remote wireless sensors. However, WiSentry is a cost-effective product that’s very easy to use.
For smaller networks or enterprises with well-managed network architectures, it will quickly help you detect rogue access points and shut them down before they become a big problem.