Astute Observer

AS WLANS (WIRELESS LANS) continue to be deployed throughout the enterprise, administrators need tools to help them audit wireless network installations, analyze performance, and identify security issues. One of the big security issues facing wireless networks today is the of rogue access points that employees may install on the network, exposing the organization's network and data to unauthorized users and malicious hackers.

Network Instruments' Observer line of software provides administrators an easy way to monitor wireless networks and help pinpoint those rogue access points. Observer comes in three flavors -- Observer, Observer Expert, and Observer Suite -- with Expert and Suite adding functionality such as real-time expert analysis and SNMP probes, respectively. We tested Observer Suite 8.1, and it displayed an ease-of-use and low price point that helped earn it a Deploy rating.

Observer is a protocol analyzer, similar to products offered by Sniffer and WildPackets. With the introduction of wireless capabilities, Observer has become one of the better protocol analyzers we have seen. The biggest plus for Observer is that the product includes all the components you need to analyze wired, fiber optic, and wireless networks; other analyzers typically focus on either wireless, wired, or fiber.

Another excellent feature of Observer is its ability to keep trend data. Observer stores all data captures and can use them to create trend reports and analyze data over periods of time. Observer Suite also includes a built-in Web server to make reports available remotely, providing a Web site for managers or executives to easily monitor network performance.

For managers of wireless networks, Observer can be a valuable tool. In addition to performing the standard packet decoding and analysis, Observer can also identify rogue users and access points as well as WEP (Wired Equivalent Privacy) misuse. The best way to identify rogue systems is to configure a list of valid MAC (Media Access Control) addresses for your organization's wireless devices and filter them out. Based on such a list, Observer can alert you to devices with invalid MAC addresses that are accessing the network. Observer also analyzes WEP configurations and can alert administrators if an access point is found with WEP disabled or without the proper configuration. This helps enforce the company's wireless security policy.

As with any wireless analysis tool, wireless NIC (network interface card) support is an issue. Many of these tools require their own special drivers that are suitable only for auditing the network. For example, Netstumbler works with Lucent or Compaq cards, while ISS Wireless Scanner supports only the Compaq WL110 NIC.

Furthermore, many WLAN analyzer vendors develop their own drivers from scratch, and these may not work properly in everyday use. Consequently, administrators without dedicated monitoring hardware may be required to reinstall the wireless NIC vendor's drivers to return to normal wireless network functionality.

Network Instruments takes a different approach than most, adding layers to existing wireless card drivers. Based on our experience with Observer, this avoids sacrificing everyday functionality for the sake of monitoring the WLAN.