The Pleasanton, California-based vendor said MSS has now been enhanced to detect and suppress a variety of RF intrusions, including rogue APs, address spoofing, and so-called man-in-the-middle attacks in which an attacker is positioned between client and AP, appearing as an AP to the client and as a client to the real AP.
Trapeze has introduced an ability to classify detected APs and ad hoc clients to determine whether they are legitimately on the network or merely polluting the RF spectrum. If they are rogue APs on the network, counter-measures can then be taken. MSS will now also be able to identify and blacklist specific MAC addresses or SSIDs, based on observation of their behavior. It will also look for encryption errors that can indicate an intrusion attempt, and for spoofed deauthentication frames that precede a DoS or man-in-the-middle attack.
APs normally broadcast SSIDs as part of the answer to clients calling for a Broadcast Request, but MSS is now capable of restricting which ones can be advertised across the network. It is also now able to permit or deny access to APs and clients by classification, based on MAC address, SSID, or organizationally unique identifier (OUI), the vendor-specific portion of a device's MAC address.
Trapeze said these features can also help detect a number of other problems such as weak WEP keys, wireless bridges, and ad hoc networks, all of which can then be dealt with according to preset policies. MSS is now also able to scan the network for unauthorized monitoring tools such as Netstumbler and Wellenreiter.
Among the DoS prevention features, Trapeze listed the ability to blacklist a client for transmitting control packets at more than a pre-specified rate, suppression of null SSIDs before NICs can be disabled, detection of RF-jamming attempts and rapid switching of APs to different channels, detection and disabling of fake AP attacks, and fingerprinting of all AP beacons so that neighbor relationships can never be made with rogue or interfering APs.
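As an added illustration of two of the checks described above, here is a small Python sketch of the kind of logic a wireless IDS applies: classifying an observed AP by BSSID, SSID and OUI, and blacklisting a source that sends deauthentication frames faster than a configured rate. This is example code written for this article, not Trapeze's software or MSS's actual implementation; the policy tables, thresholds and frame records are constructed placeholders (locally administered MAC addresses, so they match no real vendor).

```python
from collections import defaultdict, deque

# Constructed policy tables for this example. The BSSIDs, SSID and OUI are
# placeholders (02:xx:xx is a locally administered prefix, not a vendor OUI).
AUTHORIZED_BSSIDS = {"02:0b:0e:aa:bb:01", "02:0b:0e:aa:bb:02"}
AUTHORIZED_SSIDS = {"corp-wlan"}
AUTHORIZED_OUIS = {"02:0b:0e"}  # first three octets of the MAC address


def oui_of(mac):
    """Return the organizationally unique identifier (first 3 octets) of a MAC."""
    return mac.lower()[:8]


def classify_ap(bssid, ssid):
    """Classify an observed AP the way a WIDS policy engine might.

    authorized  - a BSSID provisioned on our network
    rogue       - advertises one of our SSIDs from a BSSID we do not own
                  (the evil-twin setup used to stage a man-in-the-middle)
    suspect     - carries our vendor OUI but is not provisioned; possibly an
                  unauthorized install, so it is held for review
    interfering - someone else's AP sharing the spectrum, not on our network
    """
    bssid = bssid.lower()
    if bssid in AUTHORIZED_BSSIDS:
        return "authorized"
    if ssid in AUTHORIZED_SSIDS:
        return "rogue"
    if oui_of(bssid) in AUTHORIZED_OUIS:
        return "suspect"
    return "interfering"


def detect_deauth_floods(frames, max_frames, window_seconds):
    """Sliding-window rate check over deauthentication frames.

    frames: iterable of (timestamp_seconds, subtype, source_mac).
    Returns a dict mapping each offending source MAC to a verdict:
      'spoofed-ap-deauth' if the source claims to be one of our own APs
                          (a real AP does not normally deauth at this rate)
      'deauth-flood'      for any other source exceeding the rate
    """
    recent = defaultdict(deque)  # per-source timestamps inside the window
    verdicts = {}
    for ts, subtype, src in sorted(frames):
        if subtype != "deauth":
            continue
        src = src.lower()
        window = recent[src]
        window.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while ts - window[0] > window_seconds:
            window.popleft()
        if len(window) > max_frames:
            verdicts[src] = ("spoofed-ap-deauth" if src in AUTHORIZED_BSSIDS
                             else "deauth-flood")
    return verdicts


# Constructed sample capture: 12 deauth frames in about half a second that
# claim to come from one of our APs, plus two ordinary deauths from a client.
SAMPLE_FRAMES = (
    [(0.0, "beacon", "02:0b:0e:aa:bb:01")]
    + [(0.05 * i, "deauth", "02:0b:0e:aa:bb:01") for i in range(12)]
    + [(3.0, "deauth", "02:11:22:33:44:55"), (4.0, "deauth", "02:11:22:33:44:55")]
)


if __name__ == "__main__":
    for bssid, ssid in [("02:0b:0e:aa:bb:01", "corp-wlan"),
                        ("02:aa:bb:cc:dd:ee", "corp-wlan"),
                        ("02:0b:0e:aa:bb:77", "lab-test"),
                        ("02:aa:bb:cc:dd:ee", "coffee-guest")]:
        print(bssid, ssid, "->", classify_ap(bssid, ssid))
    # Policy: more than 10 deauth frames from one source within 1 second.
    print(detect_deauth_floods(SAMPLE_FRAMES, max_frames=10, window_seconds=1.0))
```

The threshold and window are policy knobs; a real deployment would tune them against normal roaming behaviour so that a busy AP's legitimate deauthentications are not flagged, and would feed the verdicts into the blacklist and counter-measure steps described above rather than just printing them.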
There is also a new packet capture feature that allows data streams from anywhere in the wireless network to be replicated for forwarding to a monitor port, which can also be situated anywhere in the network, for decoding and analysis.