Mobile unit intrusion detection – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Brocade Mobility RFS7000-GR Controller System Reference Guide

531

53-1001944-01

Configuring a Wireless IDS Deployment

C

6. Select the AP Containment tab.

The unauthorized AP is listed in the containment list. You can manually add additional
unauthorized AP MAC addresses to the containment list or remove unauthorized APs as
needed.

7. Select Save (from the lower left-hand corner) to apply the changes.

Mobile Unit Intrusion Detection

Mobile unit (MU) intrusion detection can enabled on the RF Switch to provide proactive protection
against active intrusion attempts. The switch can detect numerous intrusion violations and can
alert administrators of intrusion attempts and attacks. The switch can mitigate by automatically
blacklisting MUs triggering the violation.

The following configurations will be performed as part of this MU intrusion detection example:

•

The global detection window will be increased from 10 seconds to 60 seconds.

•

An excessive authentication failure intrusion violation will be configured with a threshold of 10
attempts. If 10 authentication failures occur within a 60 second window, an alarm is
generated and mitigation performed.

•

The Time to Filter for the excessive authentication failure intrusion violation will be set to 300
seconds. If an MU triggers the intrusion violation, the MUs MAC address is filtered for 5
minutes.