
23 Managing wireless network security, IDS feature overview, IDS on Comware-based ACs – H3C Technologies H3C Intelligent Management Center User Manual


23 Managing wireless network security

Wireless networks are susceptible to a wide array of threats, such as unauthorized or malicious APs and clients (called rogue APs and rogue clients in this chapter). You can use the WIDS model to monitor and manage these APs and clients.

IDS feature overview

The IDS feature on Comware-based ACs is different from that on MSM series ACs.

IDS on Comware-based ACs

Comware-based ACs use WIDS detection rules to determine whether a fit AP is an authorized AP or a rogue AP.
By configuring WIDS detection rules, you maintain the following lists:

Permitted-OUI list—Comprises the OUIs of trusted vendors.

Permitted-SSID list—Comprises the SSIDs of trusted wireless networks.

Permitted-MAC address list—Comprises the MAC addresses of trusted APs and trusted clients.

MAC-to-attack list—Comprises the MAC addresses of rogue APs and rogue clients.

ACs classify devices as rogues and authorized devices based on WIDS detection rules:

All APs and clients on one of the permitted lists are considered legal devices. ACs permit these
APs and clients to provide services or access your wireless network.

Any APs or clients that are not on the permitted lists are considered rogue APs and clients, which
can be managed from the Rogue APs and Rogue Clients modules, respectively.

For APs and clients on the MAC-to-attack list, you can configure ACs to initiate attacks against them to prevent them from affecting your wireless network.
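
The classification rule above, modelled as an added example (not H3C code and not part of the manual): a device that matches any permitted list is treated as authorized, and anything else as rogue. The list contents are constructed placeholders, and reporting a MAC that sits on both the permitted-MAC list and the MAC-to-attack list as a conflict is an assumption, because the manual states no precedence between the two.

```python
import re

def norm_mac(mac):
    """Accept 0011-2233-4455, 00:11:22:33:44:55 or 00-11-22-33-44-55."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

# Constructed sample lists (placeholder values, not taken from the manual).
PERMITTED_OUI = {"00:11:22"}
PERMITTED_SSID = {"corp-wlan"}
PERMITTED_MAC = {norm_mac(m) for m in ("aabb-cc00-0001", "aabb-cc00-0009")}
MAC_TO_ATTACK = {norm_mac(m) for m in ("dead-be00-0002", "aabb-cc00-0009")}

def classify(mac, ssid=None):
    """Return (verdict, matched_lists) for one observed AP or client."""
    mac = norm_mac(mac)
    matched = []
    if mac in PERMITTED_MAC:
        matched.append("permitted-MAC")
    if mac[:8] in PERMITTED_OUI:          # first three octets = vendor OUI
        matched.append("permitted-OUI")
    if ssid is not None and ssid in PERMITTED_SSID:
        matched.append("permitted-SSID")
    # Page rule: on any permitted list -> legal device, otherwise rogue.
    verdict = "authorized" if matched else "rogue"
    if mac in MAC_TO_ATTACK:
        matched.append("MAC-to-attack")
        if verdict == "authorized":
            verdict = "conflict"          # assumption: flag for manual review
    return verdict, matched

def list_conflicts():
    """MACs that appear on both the permitted-MAC and MAC-to-attack lists."""
    return sorted(PERMITTED_MAC & MAC_TO_ATTACK)

if __name__ == "__main__":
    # Constructed observations: (MAC as reported, SSID or None for a client).
    observed = [("0011-2233-4455", None), ("DE:AD:BE:00:00:02", "guest"),
                ("12:34:56:78:9a:bc", "corp-wlan"), ("aabb-cc00-0009", None)]
    for mac, ssid in observed:
        print(norm_mac(mac), ssid, *classify(mac, ssid))
    print("list conflicts:", list_conflicts())
```

The returned list names which permitted list admitted each device, so devices admitted only by an OUI or SSID match can be reviewed separately from those matched by MAC address.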

IDS on MSM series ACs

MSM series ACs use the authorized AP list to determine whether a fit AP is a rogue AP or an authorized AP. You can import an authorized AP list for a single or multiple MSM series ACs, enable or disable IDS for an MSM series AC, and enable fit APs managed by an MSM series AC to detect rogue APs on the network.
An MSM series AC classifies fit APs into these types: Authorized, External, Rogue, and Unclassified.

Authorized—APs managed by the ACs and those on the authorized AP list.

Rogue—APs that have connected to the wired network but have not been recognized by the ACs as an authorized AP. Rogue APs pose threats to the network and must be strictly monitored.

External—Unmanaged APs detected by the ACs outside the local network.

Unclassified—Unclassified APs.