A California hospital is beta testing a WLAN radio sensor system to guard against outsiders prying into clinical data and patient records.
About 10 radio sensors have been set up in several areas of the Children's Hospital of Orange County, California. The result is a kind of barbed wireless defense perimeter, according to Mark Headland, the hospital's CIO.
The system comes from Network Chemistry, which will release in July a higher-end version of its product, now finally given a formal name: RFprotect.
The hospital is using the original product: the sensors with dual-band radios to monitor all WLAN flavors - 802.11b, 11g and 11a - and a Windows PC program. The sensors, about 4 inches by 6 inches by 1 inch, have an Ethernet connection to a nearby switch. The Windows software has a set of screens for viewing and analyzing a range of data collected by the sensors on radio behaviors, statistics, and patterns.
The hospital has an 802.11b WLAN of about 70 Cisco Systems Aironet access points, accessed by roughly 250 potential users. It uses Cisco's Lightweight Extensible Authentication Protocol (LEAP), and changes the encryption keys for the access points and clients every few minutes.
"To back that up, we installed these sensors to ensure that WLAN sessions are encrypted, and to detect rogue access points and any denial-of-service attacks," Headland says. "(RFprotect) gives us a real-time monitor."
The sensors have proved so sensitive that they have picked up the SSID - in effect, the network name - of the WLAN radio installed in a Sears, Roebuck and Co. service truck driving past the hospital. Within a half-hour of activating the system, Headland saw a spoofed MAC address for an access point. RFprotect let him confirm that it was a device in another company's nearby office building.
"The analytics are very intuitive. I can do packet captures right from the GUI (screens), and I can look at a given (WLAN) session in real time," Headland says.
The new RFprotect has been reworked for large-scale deployments, says Network Chemistry CEO Rob Markovich. Instead of a PC application, the new version is client and server software. The Windows client is now just the GUI front end, while the database and analytic programs run on one or more Windows, Linux, or Unix servers. Another change is that the client programs can run on several desktop or laptop PCs, so more than one network administrator can access the monitoring data.
The original system had a limit of 100 sensors. The new release can support 100 sensors on each of scores of servers, if necessary.
Yet another change is that the sensors can be plugged into an Ethernet cable run between an access point and a LAN switch. Customers now don't have to install new cable, scramble to find spare switch ports, or add Power-over-Ethernet facilities to support the sensors.
Finally, data collected by RFprotect can be exported to programs like Crystal Reports to prepare an array of specialized studies.
Headland hasn't made a decision on switching to the client/server version, but he says he likes the idea of centralizing the radio data and giving additional network staff access to it.
Network Chemistry competes with two better-known rivals, AirDefense and AirMagnet.
Markovich says his company can beat its rivals on pricing. A starter package of three sensors is US$1,900. The desktop version now supports up to 10 sensors, each priced at US$650. The client/server version will start at US$2,000, with 20 sensors and three administrator licenses. There is a tiered pricing scheme for more sensors and administrator licenses.