Tag Archives: AirMagnet Enterprise

AirMagnet Enterprise Doesn’t Miss Much in WLAN and Cell Analysis

What separates good, secure wireless from under-performing wireless or an RF space that actually works against the organization’s best interests? Frequently, the differences lie in murky corners where network managers can’t see reality, for a number of reasons. Keeping a busy WLAN both healthy and in compliance with policy can be a daunting task, and one that certain environments simply can’t afford to get wrong. Sure, native tools built into enterprise Wi-Fi gear have some ability to characterize the RF goings-on where they provide client access, but these feature sets are usually limited in scope and of varying quality. I recently had the chance to play with AirMagnet Enterprise from Fluke Networks, and I can say I was pretty impressed with what this purpose-built solution can do.

During my trial of AirMagnet Enterprise (AME), I was able to quickly bring a robust monitoring and reporting framework to life across multiple sites thanks to the cloud-hosted AME server. I can’t stress enough how much I value not having yet another server to feed and care for. The response times of the interactions between the cloud server and my local sensors were generally good enough that I eventually just stopped thinking about the distributed architecture.

I had a mix of sensor types at my disposal, and though my primary scope of responsibility tends to be WLAN, I was impressed by the ability to monitor cellular activity in my areas with AME.

base station

I spoke with Fluke Networks about scenarios where cell monitoring is important (calls being made where none should be, jamming, signal quality, etc.), and they identified prison environments and DAS performance verification as among the main use cases.

On the Wi-Fi side, there is just an absolute slew of information gathered, displayed, and reported on with AME. I contrived a number of security and interference exercises as I got more familiar with the WIPS tools, like this one:

wireless camera

The official list of WIPS capabilities reads like this:

Powerful WIPS Protection and Architecture

  • Continuously scans every Wi-Fi channel, including all 200 in 5 GHz band to detect every rogue device
  • Detection, monitoring, and remediation of spectrum activity in a broad frequency range that includes 3G, 4G LTE, and CDMA. Activity by cellular devices like cell phones and jammers is tracked and reported on.
  • Alerts when rogue APs are on wired network or inside premise for quickest focus on most dangerous cases while blocking unwanted connections and devices
  • Protects against latest vulnerabilities automatically via DTU
  • Detects over 120 security threats, including Karmetasploit, AirPWN, 802.11 fuzzing and WPS brute force attacks
  • Compliance reports for PCI, HIPAA, FISMA, DoD 8100.2, Basel II and others
  • Scales to over 1000 sensors with a single server cluster in a data center
  • Powerful local processing to enforce security policy even if connection is lost to server
  • Automated forensic capture simplifies deep analysis

The AME reporting module feels a bit dated in appearance, but the details provided are simply incredible. There are dozens of reports that can be drilled into for hundreds of key metrics, and all can be scheduled, exported, etc.

AME reports

Veteran AirMagnet customers will recognize the very effective Infrastructure View for each sensor in play:

top sensor


This consistency with other AirMagnet tools speeds the AME learning curve, and information gathered from multiple sensors can be combined in reports simply by having multiple sensors highlighted when invoking the report. Each sensor can also be tapped for live packet capture and decode, remote monitoring of spectrum and specific channel activity, and all the functionality of both the AirMagnet Laptop and Spectrum XT programs per sensor:

channel

spectrum

The capabilities of AME are comprehensive, and moving between sensors and interacting with the cloud server was pretty smooth for me. Aside from the impressive wealth of information provided by the sensors, you also have the option of leveraging performance testing (Automatic Health Checking) from each sensor to gather metrics on general network feel:

AHC

When you put it all together, AME is certainly far-ranging in capability and impressive in what it can quantify. The centralized control and monitoring of distributed sensors is very empowering, and allows for a small team to cover a lot of analysis ground without leaving the office. I’m a longtime fan and user of a number of AirMagnet products (note that I hardly consider myself a fanboy here, there are certain AirMagnet tools that I really like, others not so much), and AME does impress me very much.

My trial was an absolute blast in that it was easy to stand up test sensors and just dig in, playing at harvesting the important RF and WLAN data that AME was built for. A real AME deployment would take a lot more work, and interaction with Fluke Networks, to determine the right number and placement of sensors. The sensors themselves are very much like WLAN APs in that they need cabling and power. And even with the advantage of the cloud-hosted server, AME is still another system to keep up, use, and stay proficient on. That being said, it’s pretty easy to envision the AME payoff in environments that simply must have secure, high-performing Wi-Fi and automated threat reporting. Where regulatory compliance is critical, AME is a force multiplier. The entire suite is well-executed, and when used properly leaves very little to the imagination when it comes to what’s really going on in your WLAN (and cellular) environments.

A Six-Pack Of WLAN Industry Developments

Things are always shaking in Wi-Fi Land. New stuff, company goings on, regulatory drama… it’s never boring. Here’s a quick bundle of interesting hits to consider.

  1. Meraki Founders Quit Cisco. I’m not only a Meraki user, I’ve been following the company for years under the brim of my analyst’s hat. I was delighted when Meraki came out with their MX line, and later when switches joined the lineup. There’s a lot of power in the Meraki magic, so I can’t say I was totally surprised when Cisco bought them for north of a billion dollars. At the same time, I had my concerns. Far be it from anyone not in the loop to speculate on why Meraki’s Founding Three have opted to split, but it does fuel all sorts of speculation depending on your frame of reference.

  2. Xirrus Has Announced a Cloud-Managed 11ac Wallplate AP. This is an industry first (as far as I know) and I hope other vendors follow soon (are you listening, Meraki?)

  3. Meru also has a new product offering: Xpress Cloud. With 2×2 11ac APs managed via cloud subscription, aimed at SMBs. (Meru ain’t dead, folks.)

  4. Fluke Networks’ AirMagnet Enterprise gets an upgrade. Quoting my brief: “The new version of AirMagnet Enterprise includes several major security enhancements, new 802.11ac functionality, the industry’s first “No Wireless or Cellular Zone” capability, new PCI 3.0 compliance features, and more. Enterprise is already unique with its Automated Health Check and Dynamic Threat Update capabilities, but these new features make it even more powerful, and a crucial solution for organizations that can’t afford to have wireless security loopholes.” Alas, it’s still an overlay…

  5. Ruckus Ups Their Smart Wi-Fi Game. A laundry list of beefy feature goodness is aimed at improved Wi-Fi calling, among other enhancements.

  6. Eero. Interesting promise and premise. We’ll have to see how this one plays out, but promising people that you can solve dead spots in the home without running wires will get attention.

I don’t typically favor scraping press releases into a digest blog, but this mix of topics struck me as a bit profound in showing just how dynamic the Wi-Fi world is at many tiers. Exciting, thought-provoking stuff that can be hard to keep up on. Don’t blink, things change quick around here!

 

A Bit More on Drones, Wi-Fi, and Beyond

It started with a routine signature update to Fluke Networks’ AirMagnet Enterprise. Add in a little media engagement and the fact that drones are all over the news for a number of reasons, and you have a lot of buzz around AirMagnet being the first WIPS to detect the presence and activities of the market’s favorite drone.

Some in the WLAN industry are saying of drones “big deal, it’s a minor threat”. Others are calling it a timely recognition of a new concern to network security. Wherever you come down on the threat to businesses and business Wi-Fi from intrusive drones, here are a couple of articles on the AirMagnet signature topic to pick from.

Now beyond AirMagnet calling the AR drones a threat, there are activities afoot that provide further food for thought. For example, Darren Kitchen and crew at Hak5 have parlayed technolust and interest in drones into some interesting activities.

There’s more from this group, but I caution you: watching Hak5 videos is addicting.

To get a glimpse of just how rooted drones of various types and sophistication are becoming in our culture, do a simple Google search on “drones and higher ed” and you’ll find fascinating examples of students formally learning all about drones on the way to their eventual careers, and here’s an example.

And in case you’ve been living in a bunker under a gravel pit in Missouri, Amazon is proceeding with their seemingly goofy idea of package delivery with drones.

Sure, big drones can blast the bejeezus out of bad guys hiding in difficult terrain in far off places, and that’s where the bigger drone story has its roots. But there is a bigger drone story, and sooner or later it’ll touch ever more facets of everyday life.

This is gonna be a wild ride whether you buy into drones as a threat to Wi-Fi or not.