It has an IDS to the extent that it will detect rouge AP's and it can track usage per user, but as far as i know it has no protection or reaction functionality.
Really good tool for planning coverage areas and bandwidth, but doesn't address authentication, authorization or reaction.
Personally... keeping people off of wireless networks is futile. There are new attacks against wep keys that can crack most keys in under 30 seconds. WPA is better... for now but the human element still comes into play in key distribution.
So my recommendation is to assume that every wireless network is a public internet access point and use PF to prioritize VPN bandwidth and throttle outbound requests that aren't on the VPN. Pretty much the most reliable security on wireless is on the application layer. Design for that and advise the boss that there will be bandwidth leeches who will always find a way to get in, but you can mitigate the risk with a bigger budget and an intern. A hot, impressionable intern.
tack
_______________________________________________ Bits mailing list [email protected] http://www.sugoi.org/mailman/listinfo/bits
