Wireless networking appears to be a double-edged sword. Along with all the convenience and cost benefits come significant security issues. More organizations might turn to wireless solutions for many of their employees if they had more confidence in being able to secure access to wireless networks. New protocols promise to bolster wireless security in the future, but in the meantime, several companies have developed solutions that organizations can use right now to protect wireless networks from intrusions.

ReefEdge and AirDefense are among those offering security products that can help you safeguard wireless network access. Their products take similar approaches to securing wireless connections, but each has distinguishing features that give administrators and IT departments some options to weigh. A comparison of the two solutions may help you decide which—if either—may offer the kind of protection you need to secure a wireless deployment.

Two-pronged solutions
Two components make up both the ReefEdge and AirDefense wireless security solutions: a server appliance that manages the rules governing system security, and edge devices that monitor access points. In the ReefEdge system, the edge devices, called Edge Controllers, scale according to performance needs and network size.

The AirDefense edge devices are sensors that come in two varieties. One merely monitors the airwaves and transmits data to the server appliance. The other is the newly introduced ActiveDefense sensor, which performs intrusion protection functions. Figure A shows the topology of the AirDefense system.

Figure A
AirDefense topology diagram

In the AirDefense system, each sensor can monitor multiple (two to four) access points. The bigger your network and the more access points, the more sensors you’ll need to monitor them. The regular sensors are passive—they simply transmit collected data back to the server appliance, which analyzes the information and enforces security rules. The ActiveDefense sensors, however, are active and perform intrusion protection functions. When unauthorized accesses are detected, the ActiveDefense sensors can disconnect intruders and trap them to prevent access to the LAN.

ReefEdge Edge Controllers are available in several models, from the EC25 on the low end up to the EC200 on the high end, which supports bigger performance demands. The Edge Controllers are distributed rule enforcement servers that are centrally configured and managed via the server appliance.

A key difference between the two systems is that ReefEdge distributes policy enforcement to the edge devices, whereas AirDefense maintains enforcement and analysis at the server and merely relies on the regular sensors to relay data back to the server. Figure B shows a multipoint comparison of the two products.
Figure B
A comparison of the two solutions

| ReefEdge Edge Controllers | AirDefense Sensors |
|---|---|
| Connect access points to wired LAN | Capture 802.11 packets |
| Enforce access control rules | Transmit data to server appliance |
| Implement bandwidth management | ActiveDefense sensors block intrusions, trap intruders |
| Perform encryption | |
| Centrally managed | Centrally managed |
| Different models scale according to performance needs, network size | More access points, larger network: more sensors |

Both server appliances are configured and maintained via a browser interface that allows for remote administration. You can configure different user profiles to grant varying access rights to IT staff members.

Another important difference between the products is that ReefEdge offers a range of devices to scale to varying needs, whereas the AirDefense system simply relies on installing additional devices to cover larger networks or more access points.

ReefEdge offers these models:

  • The Connect Server 50 is for smaller installations. This model acts as both the server and Edge Controller, with coverage for up to six access points.
  • The Connect Server 100 is designed for larger networks and acts as the central management appliance for the Edge Controllers.
  • The EC25 supports three to five access points.
  • Higher-end controllers support 10 to 20 access points, up to the EC200 model, which ReefEdge says is aimed at data centers and large corporate networks.

In the AirDefense system, one server appliance is needed for each subnet, with a varying number of sensors, depending on the number of access points installed. If you want the AirTrap and AirBlock intrusion protection features, you’ll need to install ActiveDefense sensors in addition to regular sensors.

Intrusion protection
The biggest difference between the two systems is AirDefense’s intrusion detection and intrusion protection features, which are available as part of its ActiveDefense module. Without the ActiveDefense module, the AirDefense server simply performs intrusion detection based on known signatures and can also assess and report vulnerabilities. Integrated into the AirDefense detection engine are signatures and fingerprints from major product vendors, including Cisco, 3Com, Linksys, Agere, and Apple. It is thus able to discern spoofed MAC addresses and report them as intrusions. The AirDefense system can report these unauthorized accesses:

  • Rogue and fake access points
  • WLAN stations
  • Ad hoc networks
  • Reconnaissance activity
  • Unapproved vendor equipment

When ActiveDefense sensors are added to the mix, the system can also block and trap intruders. Any intruders identified by the ActiveDefense sensor are disconnected. If they attempt to reconnect, ActiveDefense connects them to AirTrap, which appears to be an access point to the intruder but which actually provides no access to the network itself. All incidents and actions taken are logged so that they can be reviewed by the administrator.

The behavior of ActiveDefense is configurable via the AirDefense management console. You can set various modes and define allow and deny actions, much as you would when setting up firewall policies.

Weighing the options
AirDefense provides some additional functionality that can better secure wireless networks, but ReefEdge’s devices may be more scalable to fit a wide range of user needs. In either case, securing wireless networking isn’t cheap.

AirDefense starts users out with one server appliance and 45 regular sensors for about $20,000. From there, customers are charged according to the number of access points they need to cover.

Since ReefEdge takes the approach of devices that scale according to need, its appliances can potentially cost less in the long run. But they lack the intrusion protection features of the AirDefense solution, so you might need to purchase additional products if you want full-scale intrusion protection.

Because of the wide variation in the size of the solutions ReefEdge can provide, it’s hard to give a one-size-fits-all cost estimate. Its low-end Edge Controller, the EC25, costs $1,800, while its high-end controller costs $7,500. Keep in mind that there are two other controller products in between these two, and the number of controllers you’ll need will vary greatly according to your wireless network topology.