Wi-Fi Security Review: AirMagnet: Page 2
Some of the other performance analysis features include detection of weak AP signals, excessive packet retries, APs filled beyond capacity, excessive bandwidth usage, missed beacons, too many APs on a channel, traffic priority problems caused by deploying DCF and PCF at the same time, APs that have conflicting configurations, too many broadcast and multicast packets, hidden nodes (causing packet collisions), stations misconfigured for ad-hoc mode when they should use an infrastructure SSID, too many clients on an AP, bandwidth overwhelming an AP (which may indicate too many high-usage clients on a single AP), and clients roaming between APs (which might indicate APs placed too close together or a "rogue user").
One of the nicer features is the ability to identify and give aliases to various wireless MACs, thus making it easier to identify all actual users and "rogue users". Using the "Find" tool, you can manually and physically track down the location of the rogue user. Much like a Geiger counter, the Find tool will get a stronger signal from the selected MAC as you physically get closer to it.
AirMagnet will even pick up DoS attacks as they happen. This allows an administrator to disable a site and re-address it and, if the "attacker" is nearby, potentially track them down. As mentioned, it does a good job of finding a variety of standard security flaws often found within networks. Some of these include identifying the lack of WEP usage, flawed WEP usage, clear text authentication, war driving detection, dictionary attacks, unconfigured (default settings) APs, spoofed MACs, SSID broadcasting, ad-hoc configurations and many others. As a passive auditing tool, AirMagnet should be part of the security auditing team's package.
The first issue is cost.
The reality is that this is targeted towards larger enterprises, and the price tag is certainly a testament to that. But you do get what you pay for (and then some!). Using this kind of tool on a single AP would be overkill.
In addition, the licensing method, which ties the license, serial and key to the MAC address being used, ensures that most attackers won't be using this to find weak networks (except for those attackers with really deep pockets!). The price runs between about $3,000 and $3,500 USD, depending on the version you decide on. Keep in mind this doesn't necessarily include the Reporter application.
The other issue is a personal preference issue. While I enjoy playing in a variety of operating systems, I do prefer the *nix variations for stability, ease of use and flexible configuration options. This product is a Win2k/WinXP product. And I'm very good at crashing XP SP1A, multiple times. That leads to some frustrations along the way. I suspect that's more a user problem than a software problem.
But if your company is determined and serious about running a wireless network of any substantial size, this is a product you should look into. Visit http://www.airmagnet.com for online demos and more information.
And hopefully I will see some of you at the Wireless Expo and Conference here in Toronto, March 16 - 18, 2004 at the Sheraton Hotel downtown, being hosted by Wi-Fi Planet.