42 wlan security configuration, Wlan security overview, Terminology – H3C Technologies H3C WX6000 Series Access Controllers User Manual

42-1

42

WLAN Security Configuration

The sample output in this manual was created on the WX5004. The output on your device may

vary.

The grayed out functions or parameters on the Web interface indicate that they are not supported

or cannot be modified.

The models listed in this manual are not applicable to all regions. Please consult your local sales

office for the models applicable to your region.

WLAN Security Overview

802.11 networks are susceptible to a wide array of threats such as unauthorized access points and

clients, ad hoc networks, and Denial of Service (DoS) attacks. Rogue devices are a serious threat to

enterprise security. To ensure security, the wireless intrusion detection system (WIDS) is introduced.

WIDS provides early detection of malicious attacks and intrusions on a wireless network without

affecting network performance, and provides real-time countermeasures.

WLAN security provides these features:

Rogue detection

WIDS attack detection

Frame filtering.

Terminology

Rogue AP: An unauthorized or malicious access point on the network, such as an employee setup

AP, misconfigured AP, neighbor AP or an attacker operated AP. As it is not authorized, if there is

any vulnerability in the AP, the hacker will have chance to compromise your network security.

Rogue client: An unauthorized or malicious client on the network.

Rogue wireless bridge: Unauthorized wireless bridge on the network.

Monitor AP: An AP that scans or listens to 802.11 frames to detect rogue devices in the network.

Ad hoc mode: A wireless client in ad-hoc mode can directly communicate with other stations

without support from any other device.

Detecting rogue devices

Rogue detection is applicable to large wireless networks. It detects the presence of rogue devices in a

WLAN network based on the pre-configured rules.