- Product Archives
- Return to the networkZONE
 |
networkZONE Products for the week of December 13, 2004
Engim Says…
Engim's Multi-Channel Wi-Fi Chip Teams With AirMagnet's
Software To Support Access Point Designs With Full-Time Intrusion Prevention
And Security
Wideband Multi-Channel AP Gives OEMs Dedicated Rogue Detection
-- Without Separate Monitoring Devices; Consolidation of Key Wi-Fi Functionalities
Signals Market Demand for Engim's All-Services AP Initiatives
Engim, Inc. and AirMagnet have announced a new solution to provide access
point manufacturers and their customers with the industry's most comprehensive,
integrated 802.11 security and intrusion prevention system. This multi-function
AP is the first access point with an integrated security sensor, and the
first that includes dedicated Wi-Fi monitoring of all channels and bands
for real-time security without disrupting end user traffic. This consolidation
of functions enables OEMs to provide users with unprecedented security,
new economies of service and substantial operational efficiencies.
By replacing several single-radio APs with an integrated multi-channel device, one unit can do the work of multiple APs. This enables the first 802.11 solution to combine AirMagnet's industry-leading Enterprise 5.0 wireless intrusion prevention system and Engim's ground-breaking wideband multi-channel All Services Access Point (ASAP) capability. Leveraging the Engim AP-310's multi-channel capabilities, WLAN IT managers can deploy the highest level of security and intrusion prevention without the expense and overhead of separate security probes.
Dean Au, AirMagnet President and CEO comments, "AirMagnet is the leader in detecting, deactivating and documenting wireless intrusions and threats. To date, this has required a separate sensor unit, constantly scanning the RF environment for exploits and problems. Engim's unique chipset allows Wi-Fi solution builders to incorporate an always-on monitor to complement classic AP connectivity in a single customer-ready solution."
"One of the features we really like about the Engim AP-310 is the integration of spectral monitoring with more traditional access-point capabilities," said Craig Mathias, a Principal with the wireless and mobile advisory firm Farpoint Group (Ashland, MA). "We see this consolidation of function as being critical to the future of WLAN deployments, and the security and performance-management benefits for both OEMs and enterprise users are obvious."
AirMagnet and Engim: Bringing Best-of-Breed Security To Wi-Fi Infrastructure
WLAN networks are increasingly being deployed into enterprise environments
that require the 802.11 infrastructure to provide maximum capacity and security,
while simultaneously accommodating time- and latency-sensitive voice traffic
without disruption. By replacing many single-radio APs with one powerful
multi-channel device, this hybrid device delivers the capacity and consistency
needed for Voice-over-WiFi (VoWiFi) while also serving data users and providing
full-time security/performance management.
Taking advantage of the Engim AP-310 design, AirMagnet can now deliver full-time intrusion detection without separately installed sensors. In contrast, competitive solutions provide only part-time monitoring - leaving the enterprise constantly vulnerable to a wide array of attacks - or alternatively, require less powerful sensors that overwhelm wired backhaul networks with forwarded packets. AirMagnet's SmartEdge architecture provides superior wireless intrusion prevention with 50x more scalability.
For OEMs, this multi-function device becomes the capacity, security and manageability foundation that allows AP manufacturers a fast-path for delivering more powerful and comprehensive infrastructure solutions. It lets WLAN equipment vendors deliver:
Together, Engim and AirMagnet enable AP manufacturers to efficiently
leverage the industry's best technologies, and focus their development initiatives
on key differentiators and rapid time-to-market.
analogZONE Says . . .
I'm really excited about this pairing of Engim's multi-channel Wi-Fi radio chip set with AirMagnet's security and WLAN management software for lots of reasons. For one thing, it validates many of the great things I've been saying about Engim's chips for the last year or so. Perhaps more important, it will enable the creation of a new breed of access points that provide the high performance and tight security that will help move the wireless LAN market towards a level of maturity it desperately needs.
Until now, most access points that populated enterprise and even some public networks have been little more than gussied-up versions of the units we use in our home and were not fully capable of dealing with the unique performance, security and management issues encountered in these challenging environments. In contrast, combining the versatility of Engim's radio and AirMagnet's software allows OEMs to produce what they call "All Services Access Points" that are equipped with a powerful collection multi-channel traffic management tools, an arsenal of security functions that would make the CIA green with envy.
I had not been familiar with AirMagnet until last week since up till now most of their products were aimed at network managers rather than design engineers. But with introduction of embedded software that works directly with their existing products, I got a demo while attending Wi-Fi Planet and was blown away at its capabilities. We ran their standard wireless LAN analyzer on an ordinary laptop with a standard Wi-Fi card and I got to see what really goes on in a heavily-saturated wireless environment. Time and space won't permit a blow-by-blow account of what I saw, but suffice it to say that we were able to get a second-by-second picture of all the traffic happening within the area, and a deep analysis of each AP's and each terminal's behavior, from IP address right down to traffic types and signal strength.
Combining the AirMagnet analysis tools with Engim's three-channel radio and on-chip spectrum analysis is like giving Rambo an Uzi. You now have an access point that can devote one of its channels to high-speed a/g traffic while shunting any legacy 802.11b traffic off to a second channel, and still have a third channel free to do full-time policing of the airwaves. Over the past year, I've had several discussions with Engim about how such a "rover" channel could be used to monitor an entire band for both willful intrusion, and accidental interference, but this is the first time I've seen this wonderful feature realized. And that's just the start. Once an intruder is detected, the software can direct the rover channel to make the unauthorized terminal's life miserable by doing all kinds of nasty stuff, including transmitting repeated "disassociate" commands directed at its specific MAC address while the software sends off a series of alarms and e-mail alerts to the network operator.
Besides simply looking for other unauthorized Wi-Fi sources, an AP can use the Engim's on-chip DSP section to "sniff" the environment for non-Wi-Fi activity. Its built-in FFT spectral analysis capabilities can continuously analyze the spectral content and energy levels of any RF emitter, regardless of whether it's tossing out an SSID, or simply a leaky microwave oven. Depending on what you want to do, you can simply use the information to re-configure your frequency use around the noise, or use the software's triangulation capabilities to aid a "search-and-destroy" mission. This capability gives an Engim-powered system a distinct advantage over single-radio APs which must periodically interrupt their service to scan the airwaves, or employ separate "overlay" systems which use separate "air monitor" boxes.
The hour or so I spent with AirMagnet was not enough time to digest all the details of the product so I'm not 100% clear on how customizable the software is, but from our brief discussions on the matter it seems as if most of the features can be configured and run through a series of standard APIs that allow nearly any overlay software to be run on top of it. This would allow a manufacturer to develop a custom control panel for their AP, or to develop hooks that allowed it to talk to any commercially-available network manager tool, such as OpenView.
I'll pause from my enthusiastic gushing to insert the caveat that I've not actually seen the two products run together yet. I've seen AirMagnet software run on a standard PC, and I've had the good fortune to actually see Engim chips (at least their RF section) at their Kanata, Canada-based development labs, but have not seen the two running together. Given the normal challenges of meshing a chip and software that were not deliberately co-developed, there is some small but real chance of a rocky integration process. Since both companies have excellent track records, I think that regardless of the glitches they encounter they will emerge with a great product, but I'll add a half-saltshaker to my Vapor Index Rating to be on the safe side. In any case, I look forward to seeing the Engim/AirMagnet with my own eyes at the next Wi-Fi Planet in Boston this spring.
Regardless of any small quibbles, I think that
this is a significant announcement both for the two manufacturers, and for
the designers who will be using their technology. By making a reference
design for their All Services Access Point available to OEMs, they have
raised the bar for all other enterprise-grade Wi-Fi equipment. Thanks to
this versatile reference platform, designers will be able to add sophisticated
management and security functions to their products at a fraction of the
cost of any other currently-available solution.
|
| ||||