AirMagnet Enterprise Doesn’t Miss Much in WLAN and Cell Analysis

What separates good, secure wireless from under-performing wireless or an RF space that actually works against the organization’s best interests? Frequently, the differences lie in murky corners where network managers can’t see reality, for a number of reasons. Keeping a busy WLAN both healthy and in compliance with policy can be a daunting task, and one that certain environments simply can’t afford to get wrong. Sure, native tools built into enterprise Wi-Fi gear have some ability to characterize the RF goings-on where they provide client access, but these feature sets are usually limited in scope and are of varying degrees of quality. I recently had the chance to play with AirMagnet Enterprise from Fluke Networks, and I can say I was pretty impressed with what this purpose-built solution can do.

During my trial of AirMagnet Enterprise (AME), I was able to quickly bring a robust monitoring and reporting framework to life across multiple sites thanks to the cloud-hosted AME server. I can’t stress how much I value not having yet another server to feed and care for. The response times of the interactions between the cloud server and my local sensors were generally good enough that I eventually just stopped thinking about the distributed architecture.

I had a mix of sensor types at my disposal, and though my primary scope of responsibility tends to be WLAN, I was impressed by the ability to monitor cellular activity in my areas with AME.

[Image: base station]

I spoke with Fluke Networks about scenarios where cell monitoring is important (calls being made where none should be, jamming, signal quality, etc.), and they identified prison environments and DAS performance verification as among the main use cases.

On the Wi-Fi side, there is just an absolute slew of information gathered, displayed, and reported on with AME. I contrived a number of security and interference exercises as I got more familiar with the WIPS tools, like this one:

[Image: wireless camera]

The official list of WIPS capabilities reads like this:

Powerful WIPS Protection and Architecture

  • Continuously scans every Wi-Fi channel, including all 200 in 5 GHz band to detect every rogue device
  • Detection, monitoring, and remediation of spectrum activity in a broad frequency range that includes 3G, 4G LTE, and CDMA. Activity by cellular devices like cell phones and jammers is tracked and reported on.
  • Alerts when rogue APs are on wired network or inside premise for quickest focus on most dangerous cases while blocking unwanted connections and devices
  • Protects against latest vulnerabilities automatically via DTU
  • Detects over 120 security threats, including Karmetasploit, AirPWN, 802.11 fuzzing and WPS brute force attacks
  • Compliance reports for PCI, HIPAA, FISMA, DoD 8100.2, Basel II and others
  • Scales to over 1000 sensors with a single server cluster in a data center
  • Powerful local processing to enforce security policy even if connection is lost to server
  • Automated forensic capture simplifies deep analysis

The AME reporting module feels a bit dated in appearance, but the details provided are simply incredible. There are dozens of reports that can be drilled into for hundreds of key metrics, and all can be scheduled, exported, etc.

[Image: AME reports]

Veteran AirMagnet customers will recognize the very effective Infrastructure View for each sensor in play:

[Image: top sensor]


This consistency with other AirMagnet tools speeds the AME learning curve, and information gathered from multiple sensors can be combined in reports simply by having multiple sensors highlighted when invoking the report. Each sensor can also be tapped for live packet capture and decode, remote monitoring of spectrum and specific channel activity, and all the functionality of both AirMagnet Laptop and Spectrum XT programs per sensor:

[Image: channel]

[Image: spectrum]

The capabilities of AME are comprehensive, and moving between sensors and interacting with the cloud server was pretty smooth for me. Aside from the impressive wealth of information provided by the sensors, you also have the option of leveraging performance testing (Automatic Health Checking) from each sensor to gather metrics on general network feel:

[Image: AHC]

When you put it all together, AME is certainly far-ranging in capability and impressive in what it can quantify. The centralized control and monitoring of distributed sensors is very empowering, and allows for a small team to cover a lot of analysis ground without leaving the office. I’m a longtime fan and user of a number of AirMagnet products (note that I hardly consider myself a fanboy here; there are certain AirMagnet tools that I really like, others not so much), and AME does impress me very much.

My trial was an absolute blast in that it was easy to stand up test sensors and just dig in playing at harvesting the important RF and WLAN data that AME was built for. A real AME deployment would take a lot more work, and interaction with Fluke Networks, to determine the right number and placement of sensors. The sensors themselves are very much like WLAN APs in that they need cabling and power. And even with the advantage of the cloud-hosted server, AME is still another system to keep up, use, and to stay proficient on. That being said, it’s pretty easy to envision the AME payoff in environments that simply must have secure, high-performing Wi-Fi and automated threat reporting. Where regulatory compliance is critical, AME is a force multiplier. The entire suite is well-executed, and when used properly leaves very little to the imagination when it comes to what’s really going on in your WLAN (and cellular) environments.
