Re: Wireless IDS

[Etienne Maynier <etienne.maynier () gmail com>]

Hi list,

Thanks for all your answers on this topic.
Maybe my result can interest some people, so I share :

About products, I found these :
-Kismet
-snort-wireless (abandoned)
-Airsnare
-AirStop from CodeRed (-http://www.code-red.biz/html/as-download-page.htm)
-AirDefense from Motorola
(http://www.airdefense.net/products/admobile/index.php)
-Airmagnet ( http://www.airmagnet.com/products/wifi_analyzer/ )
-Cisco (Cisco LWAP
http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns386/networking_solutions_package.html)
-Aruba Networks (http://www.arubanetworks.com/solutions/wids_widp.php)
-SonicWall (http://www.sonicwallsecure.com/sonicwall-content-filtering)
-ManageEngine (http://www.manageengine.com/wireless-network-management/index.html)
-AirSnare ( http://home.comcast.net/~jay.deboer/airsnare/ )
-AirTight (http://www.airtightnetworks.com/home/solutions/wireless-intrusion-prevention.html)

I should have the main products but tell me if I miss one.

About articles, these are realy interesting :
-http://revistaie.ase.ro/content/47/23Timofte.pdf
-http://dpnm.postech.ac.kr/papers/SSI/2006/AN%20INTRUSION%20DETECTION%20SYSTEM%20IN%20REAL%20TIME%20FOR%20WIRELESS%20802.11.pdf
-http://www.sans.org/reading_room/whitepapers/honors/wireless_attacks_from_an_intrusion_detection_perspective_1681?show=1681.php&cat=honors

Thanks again for your help, if you are working on this topic, please
send me a mail, I would be glad to have a short speak about it.
Bye


2010/2/23 Dartagnan Rios <dartagnan.rios () gmail com>:
> I know, Sonicwall TZ 200W. IPS, but select check box like "detect all", IDS.
>
> Best Reguards
>
> 2010/2/23 Fabien VINCENT <fabvincent () gmail com>
> > Hi Etienne,
> >
> > I know some products like Cisco LWAPP products have an integrated IPS
> > (WiSM ou WLC controllers)
> >
> > I'm sure you need a centralized solution to correlate events between
> > many access points, as an attacker can try to get access to your wifi
> > using different BSSID on the same ESSID, if you have access points on
> > different channels (often 1/6/11 in France) to allow fast roaming.
> >
> > I don't know if there are other Wireless IPS solutions, but if you
> > have, I'm looking for too !
> >
> > Fabien VINCENT
> > -------------------------------------------------------------------
> >
> >
> > On Mon, Feb 22, 2010 at 22:26, Etienne Maynier
> > <etienne.maynier () gmail com> wrote:
> > > Hi everybody,
> > >
> > > I'm working on Wireless IDS , how does it work and is it really
> > > efficient ?
> > > But for the moment, my reasearches are not very good, there is few
> > > documentation on this subject.
> > >
> > > Do you know if this technology is really used in companies nowadays ?
> > > Are there free/commercial products often used in companies ?
> > > Furthermore, if you have documentation about it, it would be usefull
> > > forme.
> > >
> > > Thanks list
> > > Etienne
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Information Assurance Certification Review
> > > Board
> > >
> > > Prove to peers and potential employers without a doubt that you can
> > > actually do a proper penetration test. IACRB CPT and CEPT certs require a
> > > full practical examination in order to become certified.
> > >
> > > http://www.iacertification.org
> > > ------------------------------------------------------------------------
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review
> > Board
> >
> > Prove to peers and potential employers without a doubt that you can
> > actually do a proper penetration test. IACRB CPT and CEPT certs require a
> > full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
>
>
>
> --
> Dartagnan Rios
> Administrador de Redes
> IBM Certified Specialist System X
> Microsoft Certified Professional - Windows 2000 Server
> Debian GNU/Linux

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------