Intrusion prevention, Configuring a wips policy – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003099-01
Intrusion Prevention
A Wireless Intrusion Protection System (WIPS) provides continuous protection against wireless
threats and acts as an additional layer of security, complementing wireless VPNs and encryption
and authentication policies. WIPS is supported through the use of dedicated sensor devices
designed to actively detect and locate unauthorized AP devices. After detection, they use mitigation
techniques to block the devices by manual termination or air lockdown.
Unauthorized APs are untrusted Access Points connected to a LAN that accept client associations.
They can be deployed for illegal wireless access to a corporate network, implanted with malicious
intent by an attacker, or could just be misconfigured Access Points that do not adhere to corporate
policies. An attacker can install an unauthorized AP with the same ESSID as the authorized WLAN,
causing a nearby client to associate to it. The unauthorized AP can then steal user credentials from
the client, launch a man-in-the-middle attack, or take control of wireless clients to launch
denial-of-service attacks.
Motorola Solutions wireless controllers and Access Points support unauthorized AP detection,
location and containment natively. A WIPS server can alternatively be deployed (in conjunction with
the wireless controller) as a dedicated solution within a separate enclosure. When used within a
Motorola Solutions wireless controller managed network and its associated Access Point radios, a
WIPS deployment provides the following enterprise class security management features and
functionality:
• Threat Detection - Threat detection is central to a wireless security solution. Threat detection
  must be robust enough to correctly detect threats and swiftly help protect the wireless
  controller managed wireless network.
• Rogue Detection and Segregation - A WIPS supported wireless controller distinguishes itself by
  both identifying and categorizing nearby Access Points. WIPS identifies threatening versus
  non-threatening Access Points by segregating Access Points attached to the network
  (unauthorized APs) from those not attached to the network (neighboring Access Points). The
  correct classification of potential threats is critical in order for administrators to act promptly
  against rogues and not invest in a manual search of neighboring Access Points to isolate the
  few attached to the network.
• Locationing - Administrators can define the location of wireless clients as they move
  throughout a site. This allows for the removal of potential rogues through the identification and
  removal of their connected Access Points.
• WEP Cloaking - WEP Cloaking protects organizations that secure their networks with the Wired
  Equivalent Privacy (WEP) security standard from common attempts to crack encryption keys.
  There are several freeware WEP cracking tools available and 23 known attacks against the
  original 802.11 encryption standard; even 128-bit WEP keys take only minutes to crack. The WEP
  Cloaking module enables organizations to operate WEP encrypted networks securely and to
  preserve their existing investment in mobile devices.
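The Rogue Detection and Segregation split described above, together with the same-ESSID case from the earlier paragraph, as an added example (not Brocade or Motorola Solutions code). The wired MAC table, the adjacent-MAC heuristic for deciding that an AP is attached to the network, and all names and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    bssid: str  # radio MAC reported by a sensor
    essid: str  # network name advertised in beacons

def mac_int(mac: str) -> int:
    return int(mac.replace(":", "").replace("-", ""), 16)

def on_wire(bssid: str, wired_macs, window: int = 1) -> bool:
    # Assumed heuristic (not from the guide): the AP is attached to the LAN when
    # its BSSID, or a MAC within `window` of it, appears in the wired MAC table.
    b = mac_int(bssid)
    return any(abs(b - mac_int(m)) <= window for m in wired_macs)

def classify(obs, authorized_bssids, authorized_essids, wired_macs):
    """Return (category, essid_match) for one sensor observation."""
    essid_match = obs.essid in authorized_essids
    if mac_int(obs.bssid) in {mac_int(m) for m in authorized_bssids}:
        return "authorized", essid_match
    if on_wire(obs.bssid, wired_macs):
        return "unauthorized", essid_match  # attached to the network
    return "neighboring", essid_match       # heard over the air only

def triage(observations, authorized_bssids, authorized_essids, wired_macs):
    """Rows of (bssid, category, essid_match), most urgent first."""
    rank = {"unauthorized": 0, "neighboring": 1, "authorized": 2}
    rows = [(o.bssid, *classify(o, authorized_bssids, authorized_essids, wired_macs))
            for o in observations]
    # Within a category, an AP advertising an authorized ESSID sorts first.
    return sorted(rows, key=lambda r: (rank[r[1]], not r[2]))

# Constructed sample data (locally administered MACs, invented ESSIDs).
AUTHORIZED_BSSIDS = {"02:00:00:AA:00:01"}
AUTHORIZED_ESSIDS = {"corp-wlan"}
WIRED_MACS = {"02:00:00:aa:00:01", "02:00:00:bb:00:10"}
SAMPLE = [
    Observation("02:00:00:aa:00:01", "corp-wlan"),  # managed AP
    Observation("02:00:00:ee:00:07", "cafe-wifi"),  # next-door network
    Observation("02:00:00:dd:00:05", "corp-wlan"),  # same ESSID, not on the wire
    Observation("02:00:00:bb:00:11", "lab-test"),   # wired MAC ...:10 is adjacent
]

if __name__ == "__main__":
    for row in triage(SAMPLE, AUTHORIZED_BSSIDS, AUTHORIZED_ESSIDS, WIRED_MACS):
        print(row)
```

The off-wire AP that advertises an authorized ESSID stays in the neighboring category but sorts ahead of other neighbors, since the wired-attachment test alone would not surface it.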
Configuring a WIPS Policy
To configure a WIPS policy:
1. Select Configuration > Security > Intrusion Prevention.
2. Expand the Intrusion Prevention option within the Configuration > Security menu to display the
WIPS Policy, Advanced WIPS Policy and Device Categorization items available.