dcsimg

Wireless Network Security Review: CACE Pilot

In this comprehensive review, CACE Pilot, which cuts large-volume traffic captures into smaller data sets for easier evaluation through visualization, drill-down and reporting, is tested on wireless networks and LANs. It works in conjunction with the open source protocol analyzer Wireshark.

Protocol analyzers are often used to capture, decode, and evaluate traffic flows and packets for network debugging, troubleshooting, and optimization. But did you know that a protocol analyzer can also be indispensable for security incident investigation?

Perhaps the best-known open source protocol analyzer is Wireshark (nee Ethereal), capable of decoding scads of protocols, captured from wired or wireless networks using nearly any laptop, desktop, or dedicated "shark appliance." Wireshark is freely-available and community-supported by plug-ins (dissectors) for new protocols.

But, even though Wireshark is free and flexible, there are times when it could use an assist -- or as CACE Technologies might put it, a pilot to guide this large, complex "fish" through a narrow passage. That's the purpose of CACE Pilot ($1295), a product that cuts large-volume traffic captures down to size through visualization, drill-down, reporting, and more -- eventually kicking off Wireshark when and if necessary to complete a task.

Following Protocol: WLAN, LAN Security Testing

We've been using CACE Pilot to watch live traffic and dig into capture files for several months. Pilot can be handy for many different tasks -- especially those that benefit from large-volume traffic visualization and statistical analysis, such as performance reporting.

But we focused on using CACE Pilot for network security tasks, such as spotting unexpected protocols on a WLAN or determining which infected hosts are DoS-ing a LAN. After all, you can't know that a network is really secure if you can't see who's using it and how.

Of course, there are many ways to monitor traffic, from router and firewall logs to network intrusion detection and forensics appliances. These and other tools can save capture files for future use. Where protocol analyzers excel is by interpreting those captured bits and bytes to deliver insight into sources/destinations, conversations, applications, and user activity.


Read the full story at eSecurity Planet:
Network Security Review: CACE Pilot

Related Articles

TAGS:

open source, security, network security, WLAN security, LAN security