Configuring attack detection policies, Viewing the attack detection policy list – H3C Technologies H3C Intelligent Management Center User Manual

2. Select WLAN Manager > WIPS Management > Virtual Security Domain from the navigation tree.
3. Click the AP Categorization Rule tab.
   The AP categorization rule list displays all AP categorization rules.
4. Delete a single AP categorization rule or multiple AP categorization rules in batches:
   ◦ Select one or more AP categorization rules you want to delete and click Delete.
   ◦ Click the Operation icon for the AP categorization rule you want to delete, and select Delete from the menu.
   A confirmation dialog box appears.
5. Click OK.

Configuring attack detection policies
WIPS supports attack detection on the WIPS system. WIPS generates alarms for detected attacks and records the attacks. WIPS supports the following attack detection policies:
• Ad hoc Network—An ad hoc network comprises clients that communicate directly with each other, which makes it easy to attack.
• Spoofing AP—In an AP spoofing attack, a potential attacker can connect to the AC and provide access service on behalf of another authorized AP.
• Spoofing Client—In a client spoofing attack, a potential attacker can access the WLAN on behalf of another authorized client.
• AP Flood Attack—The Fake AP tool generates beacon frames imitating a large number of counterfeit APs, causing problems such as bandwidth consumption, misleading legitimate clients, and interference with WIPS.
• EAPOL – Start DoS Attack—An attacker can exhaust the AP's internal resources by flooding it with EAPOL-start frames.
• Authentication DoS Attack—An authentication DoS attack floods the association table of an AP by imitating many clients sending authentication requests to the AP. When the number of entries in the table reaches the upper limit, the AP cannot process authentication requests from legitimate clients.
• Association/Reassociation DoS Attack—An association/reassociation DoS attack exhausts the client association table of an AP by flooding the AP with a large number of spoofed client associations so the AP cannot accept legitimate clients.
• Weak IV—When the RC4 encryption algorithm, used by the WEP security protocol, uses an insecure IV, the WEP key is more likely to be cracked.
• Invalid OUI—The OUI library of WIPS contains information about devices that have valid OUIs. Invalid OUI detection discovers devices whose OUIs are not in the library.

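As an added illustration (not H3C's implementation and not part of the manual), the sketch below expresses two of the policies above, Invalid OUI and Authentication DoS Attack, as checks over observed authentication requests. The class and function names, the OUI set, the 10-second window, the limit of 5 distinct clients per AP, and all MAC addresses are constructed assumptions.

```python
from collections import defaultdict, deque

KNOWN_OUIS = {"00:11:22", "00:AA:BB"}  # constructed stand-in for the WIPS OUI library
WINDOW_S = 10.0    # assumed sliding window, in seconds
MAX_CLIENTS = 5    # assumed limit on distinct clients per AP within the window


class WipsSketch:
    """Flags invalid OUIs and authentication floods from observed auth requests."""

    def __init__(self, known_ouis=KNOWN_OUIS, window=WINDOW_S, limit=MAX_CLIENTS):
        self.known_ouis, self.window, self.limit = known_ouis, window, limit
        self.recent = defaultdict(deque)   # bssid -> deque of (timestamp, client MAC)
        self.bad_oui_seen = set()          # MACs already reported for an invalid OUI
        self.flooding = set()              # BSSIDs currently in alarm state

    def observe(self, ts, bssid, client):
        """Process one authentication request; return the alarms it raises."""
        alarms = []
        client = client.upper().replace("-", ":")
        # Invalid OUI: the first three octets are not in the library.
        if client[:8] not in self.known_ouis and client not in self.bad_oui_seen:
            self.bad_oui_seen.add(client)
            alarms.append(("invalid-oui", client))
        q = self.recent[bssid]
        q.append((ts, client))
        while q and ts - q[0][0] > self.window:    # drop requests older than the window
            q.popleft()
        # Authentication DoS: too many distinct "clients" hitting one AP at once.
        distinct = len({mac for _, mac in q})
        if distinct > self.limit and bssid not in self.flooding:
            self.flooding.add(bssid)               # alarm once per flood episode
            alarms.append(("auth-dos", bssid, distinct))
        elif distinct <= self.limit:
            self.flooding.discard(bssid)
        return alarms


def run_sample():
    """Replay constructed traffic: two known clients, then a burst of spoofed MACs."""
    ap = "00:11:22:00:00:01"
    events = [(0.0, ap, "00:11:22:10:00:01"), (4.0, ap, "00:AA:BB:10:00:02")]
    events += [(20.0 + 0.1 * i, ap, f"02:5E:{i:02X}:00:00:{i:02X}") for i in range(8)]
    det, out = WipsSketch(), []
    for ev in events:
        out.extend(det.observe(*ev))
    return out
```

Tracking distinct source MACs per AP, rather than raw frame counts, matches the description of the attack as filling the AP's table with entries for imitated clients.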
Viewing the attack detection policy list
1. Click the Service tab.
2. Select WLAN Manager > WIPS Management > Virtual Security Domain from the navigation tree.
3. Click the Attack Detection Policy tab.
   The attack detection policy list displays all attack detection policies.
   ◦ Name—Name of the attack detection policy.