Coming WIPS Advancements?
3 Comments
WLAN networks within enterprises have become more and more mission critical. Especially with rapid adoption of 802.11n technology, customers are enabling mission critical applications that are bandwidth intensive as well as delay/jitter sensitive over the WLAN network. Thus dedicated WIPS system play a key role in not only enabling the customer to manage the security policy but helping to proactively detect & prevent WLAN performance issues. Thus the requirement for WIPS system to manage availability and QoS of the WLAN network proactively rather than reactively.
Customers' deployment environment will continue to change and new wireless vulnerabilities will continue to proliferate. Thus zero day attack detection & protection is a critical element of dedicated WIPS. There has to be sufficient threat detection, classification, and prevention capabilities to deal with emerging wireless threats.
Today, WIPS systems from Motorola will offer powerful wireless network assurance capabilities that include remote troubleshooting and the ability to run Helpdesk tools optimized to efficiently solve wireless connectivity and performance problems, without having to send experts on site. The WIPS sensor can also be leveraged as a wireless client to perform AP testing - a feature that facilitates remote testing of network connectivity from the perspective of a wireless station. By utilizing the dedicated radio of a wireless sensor to simulate a wireless client station, true end-to-end network testing can verify all aspects of the wireless application’s data path. Connectivity tests can be customized to verify the specific wireless configuration, wired network configuration and application server availability. These tests can be configured to run automatically on a pre-configured schedule or on demand as needed to proactively identify issues before they impact users.
In future, the WIPS system will be leveraged not just for wireless security and compliance but also for wireless network assurance and WLAN management.
The most important advances will be in the area of staying in step or ahead of the hacking community to ensure full coverage of customer networks. AirMagnet has noted the rise of what we call hybrid attacks. Karmetasploit, for instance, is a combination of Karma and Metasploit. Metasploit is an attack generally used on the wired side to compromise clients and the Karma attack lures client devices to associate to a fake AP. Karmetasploit, the combination of these two techniques, is particularly insideous and (unfortunately) effective.
In addition to this, AirMagnet has seen other combination attacks, such as vulnerabilities in TKIP when used in conjunction with 802.11e and assorted infrastructure vulnerabilities that clearly demonstrate the need for ongoing security research, something which is definitely not found from infrastructure vendors themselves.