beautypg.com

Configuring wlan security, Wlan security overview, Terminology – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 632: Detecting rogue devices

background image

611

Configuring WLAN security

WLAN security overview

802.11 networks are susceptible to a wide array of threats such as unauthorized access points and clients,

ad hoc networks, and Denial of Service (DoS) attacks. Rogue devices are a serious threat to enterprise
security. To ensure security, the wireless intrusion detection system (WIDS) is introduced. WIDS provides

early detection of malicious attacks and intrusions on a wireless network without affecting network

performance, and provides real-time countermeasures.
WLAN security provides these features:

Rogue detection

WIDS attack detection

Blacklist and whitelist

Terminology

Rogue AP—An unauthorized or malicious access point on the network, such as an employee setup

AP, misconfigured AP, neighbor AP or an attacker operated AP. Because it is not authorized, if there

is any vulnerability in the AP, the hacker will have a chance to compromise your network security.

Rogue client—An unauthorized or malicious client on the network.

Rogue wireless bridge—Unauthorized wireless bridge on the network.

Monitor AP—An AP that scans or listens to 802.11 frames to detect rogue devices in the network.

Ad hoc mode—A wireless client in ad-hoc mode can communicate directly with other stations
without support from any other device.

Detecting rogue devices

Rogue detection is applicable to large wireless networks. It detects the presence of rogue devices in a

WLAN network based on the pre-configured rules.
Rogue detection can detect different types of devices in a WLAN network, for example, rogue APs, rogue

clients, rogue wireless bridges, and ad-hoc terminals. An AP can work in either of the following modes
for rogue detection:

Monitor mode—An AP scans all 802.11g frames in the WLAN, but cannot provide WLAN services.
As shown in

Figure 366

, AP 1 works as an access AP, and AP 2 works as a monitor AP to listen to

all 802.11g frames. AP 2 cannot provide wireless access services.