Blog: WiFi Experts

Defining the primary architectural approaches for today's WIPS solutions
Author/Blog Contributor - Chia-Chee Kuan, CTO at AirMagnet
Date: July 22, 2010

Today I'd like to review the different architectural approaches for deploying WIPS solutions. As we move ahead, the debate over which approach is best for what situation will likely intensify and is thus a great topic for discussion. WIPS solutions come in three basic architecture types; they are all fundamentally very different, with a variety of pros and cons.

The first and most rudimentary WIPS architecture leverages an AP radio that services wireless clients for WIPS scanning. In this approach, a WIPS module gets a very small time slice (or RF sample) from the AP radio for security scanning. The impact of the time slice to a wireless client service is designed to be minimal, allowing an organization to implement WIPS functionalities at a very low cost. The main advantage (or pro) to this approach is exactly that - low cost WIPS functionality. However, that low cost can come at a huge price. Time slicing uses limited scanning, usually sampling less than one second for each minute period. In laymen terms, that means the WIPS security functionality is not comprehensive and therefore compromised. Essentially, with this approach, an organization is saying, "we use a subset of non-real-time rogue AP detection features as our WIPS security framework." Because of this weakness, major WLAN infrastructure vendors have all moved away from claiming that this WIPS architecture is a good WIPS solution.

The second WIPS architecture is a integrated solution where a dedicated WIPS scanning radio is collocated in the client serving AP. The dedicated radio eliminates the limitations associated with, or the need to use, time slicing. Essentially, it means the WIPS solution is always scanning the air. The advantage to this approach is that all WIPS functionalities can theoretically be supported with the deployed APs, which can service the wireless clients, as well as fulfilling the "always on" WIPS scanning functionality. However, the disadvantage is that this functionality is consolidated within a single AP that is servicing clients and conducting WIPS scanning. That creates a single point of failure, which could be considered a violation of the layered security model and present a security risk. This architecture also dictates that your WLAN infrastructure vendor be your WIPS vendor, due to the dual purposed AP and collocated WIPS modules. This particular single vendor limitation is analogous to an enterprise having to deploy a Cisco firewall, for example, because the enterprise happens to be using Cisco switches. This can also require a hefty investment.

The third WIPS architecture is an overlay solution where dedicated WIPS sensors are deployed. These dedicated WIPS sensors are completely free from serving wireless clients and also provide the "always on" WIPS functionality. The advantage to this approach is the separation between the WLAN infrastructure and the WIPS architecture. This allows the orthogonal implementations to maximize the independence of the WIPS security solution on the WLAN infrastructure. This overlay WIPS architecture also allows an organization to independently select not only a best-of-breed WIPS solution, but also WLAN infrastructure. This independence can be very beneficial in today's diversified WLAN market where the best suited WLAN infrastructure solutions may very well not be your best suited WIPS solution provider. An overlay solution is also the only acceptable approach if an organization has mixed WLAN infrastructure already deployed (or plans to have a mix in the future). The disadvantage to this approach is cost - extra overlaid devices (sensors) require a larger investment from an organization into their wireless security infrastructure.

In summary, there are three main WIPS architectures - (1) integrated WIPS scanning with shared AP radio, (2) integrated WIPS scanning with dedicated radio in AP device, and (3) overlay WIPS scanning with dedicated device (sensor). The level of WIPS security capabilities and business flexibility goes up from (1) to (3). The cost of WIPS equipment and deployment however does not necessarily end up being the highest with option (3) depending on vendors -- however, in some instances, you get what you pay for. As we look at the future of WIPS solutions, it's only going to get more sophisticated, including multiple Wi-Fi radios, WIPS sensors and spectrum radios. What approach do you feel is best suited for your business?

Ogasawara Aug. 26, 2013 5:45 PM

I find when I get into a quilting funk, I need to do stehoming fun. With me, I get into those funks when I'm feeling overwhelmed too many projects hanging over my head. And the funny thing is, focusing on finishing them doesn't help at all. You would think that a finish would eliviate some of the pressure but it really doesn't. Just seems like drudgery. I was a quilting lecture one time and received what was (for me) the best advise ever. If you have a project that's dragging you down if you just don't like it if it's an albatross say goodbye to it. Get it out of your life. And I've done that on occasion. It's pretty liberating! Go make stehoming fun!
Amit Aug. 27, 2013 8:17 PM

I MUST have one of those mustaches! I love it! I am such a big fan of your blog, I love to watch all your cute ltitle creations come to life. Thanks!
Antonio Aug. 28, 2013 7:25 AM

LOL!! I wish, Heather! With the exception of the royal rnmaoce court, including Queens Nora, Linda and Susan Elizabeth, a barrage of fat royalty checks are not waiting in most rnmaoce authors' mailboxes. Writing rnmaoce is like marrying a good man do it for love, not money. [url=]eepsoahpsq[/url] [link=]fvfjornge[/link]
Carlos Aug. 30, 2013 1:35 AM

I couldnt help nicote one thing we had in common that made me giggle. Your "admin accounts" stuff was filed just like mine , underneath everything hehe.
Hossam Sep. 6, 2013 7:46 PM

If you want someone else to quilt it, check with your local quilt shop, they usllauy have a list.Keep on going...I use the magnifying glasses for needle work, also...lost without them.Mama Bear [url=]vhzsxsunmv[/url] [link=]cvgwrfgiu[/link]
Moving Company Miami Nov. 17, 2013 10:12 AM

Your article has a lot of great information and it has really helped me with my paper for a class I am taking. Do you have any other posts about this topic?
Laser Hair Removal Boca Raton Nov. 18, 2013 6:15 AM

Sometimes it is so hard to find good and useful posts out there when doing research. Now I will send it to my colleagues as well. Thank you for being one of them.
apple passbook Jan. 21, 2014 8:09 AM

LOL!! We would like, Heather! With the exception of the actual regal rnmaoce court, including Queens Nora, Linda and Susan At the, a new barrage associated with fat royalty lab tests usually are not holding out for most rnmaoce authors' mailboxes.
apple passbook Jan. 21, 2014 8:10 AM

LOL!! We would like, Heather! With the exception of the actual regal rnmaoce court, including Queens Nora, Linda and Susan At the, a new barrage associated with fat royalty lab tests usually are not holding out for most rnmaoce authors' mailboxes. apple passbook
business phone systems Jan. 28, 2014 3:22 AM

The concepts related to the WIPS solutions was explained in a good manner here. It was so simple that everyone have a good understanding of this. Thanks for making my visit a useful one and I will come back for more such useful post.
taruhan poker Jan. 28, 2014 8:42 PM

Hats off for publishing this unique comments here, would be used always for best outcomes more often, the results would be positive always taruhan poker
World best ibeacon Jan. 31, 2014 8:28 PM

If you would like someone else to quilt this, talk to your local quilt store, they will usllauy have a very checklist. Continue planning... I prefer the particular magnifying a pair of glasses intended for hook operate, also.
Buy Wholesale Bed Linen Online Feb. 1, 2014 9:04 AM

I just stumbled upon your informative blog and desired to say that I have really enjoyed reading your very well written blog posts.Buy Wholesale Bed Linen Online
Apple service center in guwahati Mar. 4, 2014 11:14 PM

I thought it was going to be some boring old post, but it really compensated for my time. I will post a link to this page on my blog. I am sure my visitors will find that very useful.

leadership definition Mar. 18, 2014 3:34 AM

We are currently researching for a thesis and we have been exploring your blog for some days. Thank you for your post it is handy for us.leadership definition
is bubblegum casting legitimate Apr. 3, 2014 2:56 AM

I feel the admin of this web page is genuinely functioning tough for his web page, for the cause that right here just about every data is quality
HealthbodyINC Apr. 11, 2014 12:43 AM

If you need another person for you to quilt this, speak to your nearby quilt retail store, they will usllauy use a record. Proceed setting up... I prefer the particular magnifying a couple of a pair of glasses designed for connect function, HealthbodyINC
HealthbodyINC Apr. 11, 2014 12:44 AM

If you need another person for you to quilt this, speak to your nearby quilt retail store, they will usllauy use a record. Proceed setting up.

Post a Comment:

Note: Your email will not be displayed.
Enter in the characters from the image below:
Blog Contributor

Chia-Chee Kuan is CTO and co-founder of AirMagnet. Chia-Chee will contribute his expertise on technology, security vulnerabilities, and future trends in the WLAN industry.

Blog Archive
Other Social Media Sites We Recommend:
Home  |  Security Center  |  All Things Wi-Fi  |  Blog  |  Library  |  |
© 2006-2012 Fluke Corporation. All rights reserved.