EasyManua.ls Logo

Alcatel-Lucent AOS-W 6.5.3.x - Page 496

Alcatel-Lucent AOS-W 6.5.3.x
1160 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Protecting Against Misconfigured APs
Protect Misconfigured AP enforces that valid APs are configured properly. An offending AP is contained by
preventing clients from associating to it.
Protecting Against Wireless Hosted Networks
Clients using the Windows wireless hosted network feature can act as an access point to which other wireless
clients can connect, effectively becoming a Wi-Fi HotSpot. This creates a security issue for enterprises, because
unauthorized users can use a hosted network to gain access to the corporate network, and valid users that
connect to a hosted network are vulnerable to attacks or security breaches. This feature detects a wireless
hosted network, and contains the client hosting this network.
Protecting SSIDs
Protect SSID enforces that valid/protected SSIDs are used only by valid APs. An offending AP is contained by
preventing clients from associating to it.
Protecting Against Rogue Containment
By default, rogue APs are not automatically disabled. Rogue containment automatically disables a rogue AP by
preventing clients from associating to it.
Protecting Against Suspected Rogue Containment
By default, suspected rogue APs are not automatically contained. In combination with the suspected rogue
containment confidence level, suspected rogue containment automatically disables a suspect rogue by
preventing clients from associating to it.
Protection against Wired Rogue APs
This feature enables containment from the wired side of the network. The basic wired containment feature in
the IDS general profile isolates layer-3 APs whose wired interface MAC addresses are the same as (or one
character off from) their BSSIDs. The enhanced wired containment feature introduced in AOS-W 6.3 can also
identify and contain an AP with a preset wired MAC address that is completely different from the AP’s BSSID. In
many non-Alcatel-Lucent APs, the MAC address the AP provides to wireless clients as a gateway MAC’ is offset
by one character from its wired MAC address. This enhanced feature allows AOS-W to check to see if a
suspected Layer-3 rogue AP’s MAC address follows this common pattern.
Understanding Client Intrusion Protection
Table 114 list the client intrusion protection features with their related commands, traps, and syslog
identifications. Details of each feature follow the table.
AOS-W 6.5.3.x | User Guide Wireless Intrusion Prevention | 496

Table of Contents