Intrusion detection deployment considerations – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

612

Brocade Mobility RFS Controller System Reference Guide

53-1003099-01

10

7. Select OK to save the updates to the Marked Devices List. Select Reset to revert to the last

saved configuration.

Intrusion Detection Deployment Considerations

Before configuring WIPS support on the wireless controller, refer to the following deployment
guidelines to ensure the configuration is optimally effective:

•

WIPS is best utilized when deployed in conjunction with a corporate or enterprise wireless
security policy. Since an organization’s security goals vary, the security policy should document
site specific concerns. The WIPS system can then be modified to support and enforce these
additional security policies

•

WIPS reporting tools can minimize dedicated administration time. Vulnerability and activity
reports should automatically run and be distributed to the appropriate administrators. These
reports should highlight areas to be to investigated and minimize the need for network
monitoring.

•

It's important to keep your WIPS system Firmware and Software up to date. A quarterly system
audit can ensure firmware and software versions are current.

•

Only a trained wireless network administrator can determine the criteria used to authorize or
ignore devices. You may want to consider your organization’s overall security policy and your
tolerance for risk versus users’ need for network access. Some questions that may be useful in
deciding how to classify a device are:

•

Does the device conform to any vendor requirements you have?

•

What is the signal strength of the device? Is it likely the device is outside your physical
radio coverage area?

•

Is the detected Access Point properly configured according to your organization’s security
policies?

•

Brocade recommends controller or service platform visibility to all VLANs deployed. If an
external L3 device has been deployed for routing services, each VLAN should be 802.1Q
tagged to the controller or service platform to allow the detection any unsanctioned APs
physically connected to the network.

•

Brocade recommends trusted and known Access Points be added to an sanctioned AP list. This
will minimize the number of unsanctioned AP alarms received.

Classification

Use the drop-down menu to designate the target device as either sanctioned (True) or unsanctioned
(False). The default setting is False, categorizing this device as unsanctioned. Thus, each added device
requires authorization. A green checkmark designates the device as sanctioned, while a red “X” defines
the device as unsanctioned.

Device Type

Use the drop-down menu to designate the target device as either an Access Point (True) or other (False).
The default setting is False, categorizing this device as other than an Access Point. A green checkmark
designates the device as an Access Point, while a red “X” defines the categorized device as other than an
Access Point.

MAC Address

Enter the factory coded MAC address of the target device. This address is hard coded by the device
manufacturer and cannot be modified. The MAC address will be defined as sanctioned or unsanctioned
as part of the device categorization process.

SSID

Enter the SSID of the target device requiring categorization. The SSID cannot exceed 32 characters.