Weak iv detection, Wlan ids configuration task list, Configuring ap operating mode – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 151
139
Weak IV detection
Wired Equivalent Privacy (WEP) uses an Initialization Vector (IV) to encrypt each frame. An IV and a key
are used to generate a key stream, and thus encryptions using the same key have different results. When
a WEP frame is sent, the IV used in encrypting the frame is also sent as part of the frame header.
However, if a WLAN device generates IVs in an insecure way, for example, if it uses a fixed IV for all
frames, the shared secret key may be exposed to any potential attackers. When the shared secret key is
compromised, the attacker can access network resources.
Weak IV detection counters this attack by verifying the IVs in WEP frames. Whenever a frame with a
weak IV is detected, it is immediately logged.
WLAN IDS configuration task list
Task Description
Required
Configuring rogue device detection
Configuring rogue device detection
Optional
Taking countermeasures against
attacks from detected rogue devices
Displaying and maintaining rogue
detection
Configuring IDS attack detection
Configuring IDS attack detection
Optional
Displaying and maintaining IDS
Configuring AP operating mode
A WLAN consists of various APs that span across the building offering WLAN services to the clients. The
administrator may want some of these APs to detect rogue devices. The administrator can configure an
AP to operate in any of the three modes, normal, monitor, and hybrid.
•
In normal mode, an AP provides WLAN data services but does not perform any scanning.
•
In monitor mode, an AP scans all 802.11 frames in the WLAN, but cannot provide WLAN services.
•
In hybrid mode, an AP can both scan devices in the WLAN and provide WLAN data services.
To configure the AP operating mode:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter AP template view.
wlan ap ap-name model
model-name
N/A
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points