IBM unveils intrusion-detection service for wireless nets

IDG News Service - Citing the "explosion" of wireless "hot spots" in public spaces, homes and businesses, IBM today unveiled a new managed intrusion-detection service for wireless networks.
The new intrusion-detection service uses "sniffing" technology developed by IBM that can detect the presence of unauthorized access points, denial-of-service attacks, improperly configured access points and compromised Wired Equivalent Privacy (WEP) encryption keys, according to Jim Goddard, security principal at IBM Global Services.
The new service relies on a network of Linux appliances that act as wireless sensors and are deployed much as wireless access points are within an office, Goddard said. "They look like fuse boxes mounted on the wall," he said.
The sensors monitor wireless network activity using wireless attack signatures developed by IBM. Warnings about possible attacks are relayed to a Tivoli Risk Manager console at an IBM Global Services operations center in Boulder, Colo., Goddard said.
That center operates 24 hours a day, seven days a week, and allows customers to respond quickly to wireless attacks, he said. Because wireless attackers must be within range of access points to launch an attack, that response might involve summoning security guards to intercept someone who is reconnoitering wireless access points on a corporate campus or trying to compromise a company's wireless infrastructure.
"The technology is doing the same thing that [intrusion detection] has done for a long time, but the response is different. With a wireless attack, you could be talking about somebody in a parking lot outside the corporate headquarters, as opposed to 10,000 miles away with a traditional [Internet] attack," Goddard said.
Customers will receive daily reports that summarize wireless security events, as well as monthly trend-analysis reports from IBM.
IBM became attuned to wireless security issues after hearing complaints from many of its managed services customers. "In our managed environments, this has already become an issue. There's this sense that wireless networks need protection but that it should be integrated with an overall managed plan."
IBM will be marketing the new intrusion-detection service to companies of all sizes that need to lock down wireless networks. The service may also appeal to companies that are opposed to introducing wireless technology and want to prevent employees from setting up their own wireless access points in cubicles, Goddard said.
Customers don't need to be using Tivoli or have an existing relationship with IBM Global Services to use the service. But they will need to have the network of wireless sensors installed, as well as a device to collect data from the wireless sensors and