
Advanced-wips-policy, Chapter 10 – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01

Chapter 10

ADVANCED-WIPS-POLICY

This chapter summarizes the advanced Wireless Intrusion Protection Systems (WIPS) policy
commands in the CLI command structure.

A WIPS policy provides continuous protection against wireless threats and acts as an additional layer
of security complementing wireless VPNs and encryption and authentication policies. WIPS uses
dedicated sensor devices designed to actively detect and locate unauthorized AP devices. After
detection, they use mitigation techniques to block the devices by manual termination or air
lockdown.

Unauthorized APs are untrusted access points that accept client associations. They can be
deployed for illegal wireless access to a corporate network, implanted with malicious intent by an
attacker, or could just be misconfigured access points that do not adhere to corporate policies. An
attacker can install an unauthorized AP with the same ESSID as the authorized WLAN, causing a
nearby client to associate to it. The unauthorized AP can then steal user credentials from the client,
launch a man-in-the-middle attack, or take control of wireless clients to launch denial-of-service
attacks.

A WIPS server can alternatively be deployed (in conjunction with the wireless controller, access
point, or service platform) as a dedicated solution within a separate enclosure. A WIPS deployment
provides the following enterprise class security management features and functionality:

Threat Detection - Threat detection is central to a wireless security solution. Threat detection
must be robust enough to correctly detect threats and swiftly help protect the network.

Rogue Detection and Segregation - A WIPS policy distinguishes itself by identifying and
categorizing nearby access points. WIPS identifies threatening versus non-threatening access
points by segregating access points attached to the network (unauthorized APs) from those not
attached to the network (neighboring access points). The correct classification of potential
threats is critical in order for administrators to act promptly against rogues and not invest in a
manual search of neighboring access points to isolate the few attached to the network.

Locationing - Administrators can define the location of wireless clients as they move
throughout a site. This allows for the removal of potential rogues through the identification and
removal of their connected access points.

WEP Cloaking - WEP Cloaking protects organizations that use the Wired Equivalent Privacy (WEP)
security standard against the common techniques used to crack encryption keys.
There are several freeware WEP cracking tools available and 23 known attacks against the
original 802.11 encryption standard; even 128-bit WEP keys take only minutes to crack. The WEP
Cloaking module enables organizations to operate WEP encrypted networks securely and to
preserve their existing investment in client devices.
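
The segregation described under Rogue Detection and Segregation, combined with the same-ESSID scenario from the unauthorized AP paragraph, sketched as an added Python example (not Brocade code and not part of the original guide). The MAC-adjacency test for "attached to the network", the category names, and every address and ESSID below are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample inventory; all MAC addresses and ESSIDs are made up.
AUTHORIZED_BSSIDS = {"00:11:22:aa:00:10", "00:11:22:aa:00:20"}
AUTHORIZED_ESSIDS = {"corp-wlan"}
# MACs learned on the wired side, e.g. from switch forwarding tables.
WIRED_MACS = {"de:ad:be:ef:00:01", "00:11:22:aa:00:0f"}


@dataclass(frozen=True)
class Beacon:
    bssid: str  # radio MAC reported by a sensor
    essid: str  # network name advertised by the AP


def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", "").replace("-", ""), 16)


def on_wire(bssid: str, wired_macs=WIRED_MACS, max_offset: int = 2) -> bool:
    """Assumed heuristic: an AP's radio MAC usually sits within a few
    addresses of its Ethernet MAC, so a near match implies a wired uplink."""
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(m)) <= max_offset for m in wired_macs)


def classify(beacon: Beacon):
    """Return (category, spoofs_essid) for one sensed AP."""
    bssid = beacon.bssid.lower()
    if bssid in AUTHORIZED_BSSIDS:
        return ("authorized", False)
    # Unknown radio advertising an authorized ESSID (ESSIDs are case-sensitive).
    spoofs = beacon.essid in AUTHORIZED_ESSIDS
    category = "unauthorized" if on_wire(bssid) else "neighboring"
    return (category, spoofs)


def triage(beacons):
    """Sort findings: APs attached to the network first, then ESSID
    look-alikes, so nobody has to search plain neighbors by hand."""
    rank = {"unauthorized": 0, "neighboring": 1, "authorized": 2}
    rows = [(b.bssid, *classify(b)) for b in beacons]
    return sorted(rows, key=lambda r: (rank[r[1]], not r[2]))


if __name__ == "__main__":
    seen = [Beacon("66:77:88:00:00:01", "coffee-shop"),
            Beacon("66:77:88:00:00:09", "corp-wlan"),
            Beacon("DE:AD:BE:EF:00:02", "guest")]
    for row in triage(seen):
        print(row)
```
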

Use the (config) instance to configure advanced WIPS policy commands. To navigate to the
advanced WIPS policy instance, use the following commands:

(config)#advanced-wips-policy

rfs7000-37FABE(config-advanced-wips-policy-test)#?

Advanced WIPS policy Mode commands:

event Configure event detection