Configuring a wips device categorization policy – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

610

Brocade Mobility RFS Controller System Reference Guide

53-1003099-01

10

•

WLAN Jack Attack - DoS attack in which the WLAN Jack tool is used to send
de-authentication frames to wireless clients using the spoofed MAC address of the real AP.
This leads the clients to de-authenticate and drop their wireless connections.

13. Select OK to save the updates to the Advanced WIPS Events List. Select Reset to revert to the

last saved configuration.

Configuring a WIPS Device Categorization Policy

Intrusion Prevention

Having devices properly classified can help suppress unnecessary unsanctioned AP alarms and
allow an administrator to focus on the alarms and devices actually behaving in a suspicious
manner. An intruder with a device erroneously authorized could potentially perform activities that
harm your organization while appearing to be legitimate. WIPS enables devices to be categorized
as Access Points, then defined as sanctioned or unsanctioned within the network.

Sanctioned Access Points are generally known to you and conform with your organization’s security
policies. Unsanctioned devices have been detected as interoperating within the managed network,
but are not approved. These devices should be filtered to avoid jeopardizing data.

To categorize Access Points as sanctioned or unsanctioned:

1. Select Configuration > Security > Intrusion Prevention.

2. Expand the Intrusion Prevention option within the Configuration > Security menu and select

Device Categorization.

FIGURE 29

WIPS Device Categorization screen

The Device Categorization screen lists those device authorization policies defined thus far.