24 configuring wlan ips, Overview, Terminology – H3C Technologies H3C Intelligent Management Center User Manual
24 Configuring WLAN IPS
Overview
802.11 networks are susceptible to a wide array of threats such as interference, attackers, rogue
clients, and ambient wireless devices. A wireless intrusion prevention system (WIPS) helps protect
enterprise networks and users from unauthorized wireless access according to user-defined security
policies.
In a WIPS-enabled network, the sensors monitor channels to detect attacks and generate alarms, and
then report the information to the AC to notify the administrator. The sensors can also take
countermeasures against the detected rogue devices.
NOTE:
This module only supports Comware-based wireless devices.
Terminology
• Virtual security domain—You can divide a WLAN into multiple domains called virtual security
  domains. A virtual security domain contains sensors, AP categorization rules, and attack
  detection policies. WIPS applies different security detection and protection policies to each
  virtual security domain.
• Sensor—A sensor is an AP enabled with WIPS. It monitors WLAN channels, collects WLAN
  information, and sends 802.11 frames to disassociate rogue devices. A sensor can operate in the
  following modes:
  ○ Monitor mode—One or more radios on a sensor provide WIPS services but do not provide
    access services.
  ○ Hybrid mode—One or more radios on a sensor provide both WIPS and access services. A
    sensor operating in hybrid mode adopts the following policies:
    − Access first—Long access duration, short WIPS monitoring duration, less packet loss, and
      good access efficiency. Poor detection capability.
    − Scanning first—Long WIPS monitoring duration, short access duration, more packet loss,
      and poor access efficiency. Good detection capability.
    − Balanced—Balanced between the access first and scanning first policies.
• Trusted address list—A trusted address list contains MAC addresses of permitted APs or clients.
  The MAC address of a wireless device can be manually or dynamically added to the permitted
  device list. The dynamic mode is applicable to clients. When WIPS detects that a client is
  associated with an authorized AP through an encrypted authentication method, it adds the client
  to the permitted device list.
• Static trusted OUI list—A static trusted OUI list contains the OUIs of trusted wireless devices. It is
  a supplement to the permitted device list.
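
The following sketch is an added example, not H3C or IMC code. It models how the trusted address list (manual and dynamic entries) and the static trusted OUI list described above could combine into a trust decision. The class and method names, the sample MAC addresses, and the rule that locally administered MACs never match an OUI are assumptions of this example.

```python
import re

def _hex(value):
    """Drop every non-hex character (':', '-', '.' separators) and lowercase."""
    return re.sub(r"[^0-9a-fA-F]", "", value).lower()

def normalize_mac(mac):
    digits = _hex(mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

class TrustModel:
    """Simplified model of the two lists; names here are hypothetical, not H3C's."""

    def __init__(self, authorized_aps, manual_macs=(), trusted_ouis=()):
        self.authorized_aps = {normalize_mac(m) for m in authorized_aps}
        # Manual mode: administrator-entered MACs (authorized APs assumed included).
        self.trusted = {normalize_mac(m) for m in manual_macs} | self.authorized_aps
        self.trusted_ouis = {_hex(o)[:6] for o in trusted_ouis}

    def observe_association(self, client, ap, encrypted):
        """Dynamic mode: learn a client only if it joined an authorized AP
        through an encrypted authentication method."""
        if encrypted and normalize_mac(ap) in self.authorized_aps:
            self.trusted.add(normalize_mac(client))
            return True
        return False

    def classify(self, mac):
        m = normalize_mac(mac)
        if m in self.trusted:
            return "trusted-address"
        # Assumption of this example: a locally administered MAC (bit 0x02 of the
        # first octet, typical of randomized addresses) carries no vendor OUI.
        if int(m[:2], 16) & 0x02:
            return "untrusted"
        return "trusted-oui" if m[:6] in self.trusted_ouis else "untrusted"

# Constructed sample data, not taken from any real deployment.
model = TrustModel(["00:11:22:AA:BB:01"], ["00-11-22-aa-bb-10"], ["00:11:22"])
model.observe_association("a4:5e:60:00:00:01", "00:11:22:aa:bb:01", encrypted=True)
for seen in ("0011.22aa.bb10", "a4:5e:60:00:00:01", "00:11:22:00:00:99", "a4:5e:60:00:00:02"):
    print(seen, model.classify(seen))
```

An OUI match identifies only the claimed vendor prefix of a MAC address, so the example reports it as a separate, weaker result than an exact entry in the trusted address list.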