The astute observer

As WLANs (wireless local area networks) continue to be deployed throughout the enterprise, administrators need tools to help them audit wireless network installations, analyse performance, and identify security issues. One of the big security issues facing wireless networks today is the number of rogue access points that employees may install on the network, exposing the organisation's network and data to unauthorised users and malicious hackers.

Network Instruments' Observer line of software gives administrators an easy way to monitor wireless networks and help pinpoint those rogue access points. Observer comes in three flavours - Observer, Observer Expert and Observer Suite - with Expert and Suite adding functionality such as real-time expert analysis and SNMP probes, respectively. We tested Observer Suite 8.1, and its ease of use and low price point helped earn it a Deploy rating.

Observer is a protocol analyser, similar to products offered by Sniffer and WildPackets. With the introduction of wireless capabilities, Observer has become one of the better protocol analysers we have seen. The biggest plus for Observer is that the product includes all the components you need to analyse wired, fibre optic, and wireless networks; other analysers typically focus on either wireless, wired or fibre.

Another excellent feature of Observer is its ability to keep trend data. Observer stores all data captures and can use them to create trend reports and analyse data over periods of time. Observer Suite also includes a built-in Web server to make reports available remotely, providing a Web site for managers or executives to easily monitor network performance.

For managers of wireless networks, Observer can be a valuable tool. In addition to performing the standard packet decoding and analysis, Observer can also identify rogue users and access points as well as WEP (Wired Equivalent Privacy) misuse. The best way to identify rogue systems is to configure a list of valid MAC (Media Access Control) addresses for your organisation's wireless devices and filter them out. Based on such a list, Observer can alert you to devices with invalid MAC addresses that are accessing the network. Observer also analyses WEP configurations and can alert administrators if an access point is found with WEP disabled or without the proper configuration. This helps enforce the company's wireless security policy.
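The allow-list check described above, as an added example (this is not Observer's code or configuration format). The record fields, function names and sample addresses are constructed for illustration:

```python
import re

def norm_mac(mac):
    """Canonicalise a MAC so 02-00-..., 0200.00aa.... and 02:00:... compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(observed, authorised):
    """Return sorted (mac, finding) pairs for access points that break policy."""
    allowed = {norm_mac(m) for m in authorised}
    findings = set()  # a set, so repeated sightings of one AP report once
    for ap in observed:
        mac = norm_mac(ap["mac"])
        if mac not in allowed:
            # Filtered against the valid list: anything left over is flagged.
            findings.add((mac, "not on authorised list"))
        elif not ap["wep"]:
            # Known device, but it violates the WEP policy.
            findings.add((mac, "authorised AP with WEP disabled"))
    return sorted(findings)

# Constructed sample data (locally administered addresses, not real devices).
AUTHORISED = ["02-00-00-AA-00-01", "0200.00aa.0002"]
OBSERVED = [
    {"mac": "02:00:00:aa:00:01", "wep": True},   # authorised, compliant
    {"mac": "02:00:00:AA:00:02", "wep": False},  # authorised, WEP off
    {"mac": "02:00:00:bb:00:09", "wep": False},  # unknown access point
    {"mac": "02:00:00:cc:00:07", "wep": True},   # another unknown access point
    {"mac": "02:00:00:bb:00:09", "wep": False},  # repeat sighting of the same AP
]

if __name__ == "__main__":
    for mac, finding in audit(OBSERVED, AUTHORISED):
        print(mac, finding)
```

Normalising the address format before comparing matters because an inventory list and a capture rarely write MAC addresses the same way; without it, an authorised device is reported as rogue.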

As with any wireless analysis tool, wireless NIC (network interface card) support is an issue. Many of these tools require their own special drivers that are suitable only for auditing the network. For example, Netstumbler works with Lucent or Compaq cards, while ISS Wireless Scanner supports only the Compaq WL110 NIC.

Furthermore, many WLAN analyser vendors develop their own drivers from scratch, and these may not work properly in everyday use. Consequently, administrators without dedicated monitoring hardware may be required to reinstall the wireless NIC vendor's drivers to return to normal wireless network functionality.

Network Instruments takes a different approach than most, adding layers to existing wireless card drivers. Based on our experience with Observer, this avoids sacrificing everyday functionality for the sake of monitoring the WLAN.

We installed Observer Suite on a Windows 2000 SP2 laptop using a Cisco Aironet 350 wireless card. We installed Network Instruments' driver for the card and did not have any issues using the card as we normally do every day. Firing up Observer, we watched the activity on our wireless network, which included five Agere Orinoco access points. We monitored wireless traffic, WEP use and access point utilisation. To test Observer's ability to spot rogue access points, we added an Intel access point to the network and created a filter for our authorised Agere access points. Observer passed the test with flying colours, successfully providing us with a list that included our Intel access point - and some access points in the neighbouring office.

Although not specifically designed for wireless security auditing, Observer is a versatile tool that can add value to any organisation. Its ease of use and low cost make it an ideal candidate for an administrator trying to gain control of an ever-expanding wireless world.

