Configuration Guide Configuring WIDS
DDoS detection function performs statistics for the attacker's packets and determines whether the number of packets per
second exceeds the configured threshold. If yes, this result will be logged. If the dynamic blacklist function is enabled, the
attacker will be added into the dynamic blacklist.
 Flooding Attack Detection
Flooding attack refers to that an attacker sends a large number of packets of the same type in a short period of time, causing
the WLAN devices fail to process legal STA requests due to the Rogue flooding.
Flooding attack detection prevents this flooding attack by continuously monitoring the traffic of each device. Within specified
time, when the traffic exceeds the upper limit set by the network administrator, this device is deemed to be a flooding attacker
and is therefore blocked. Flooding attack detection can be used with the dynamic blacklist function. When attacks are
detected, if the dynamic blacklist function is enabled, the STA initiating the attacks will be added into the dynamic blacklist,
ensuring no more intrusion by this STA and thus guaranteeing network security.
 Spoofing Attack Detection
Spoofing attack refers to that an attacker sends fake packets in the name of another STA. For example, a fake
deauthentication packet causes a STA offline.
WIDS performs detection on the broadcast deauthentication and broadcast disassociation packets. When such packet is
received, it is immediately defined as a spoofing attack and logged.
 Weak IV Attack Detection
Weak IV (Weak Initialization Vector) attack refers to the following attack behavior: when the WLAN uses WEP encryption, an
attacker intercepts packets with weak initialization vectors, cracks the shared key and finally steals the encrypted
information.
When WLAN uses WEP for encryption, an initialization vector (IV) is generated for each packet and, together with the shared
key, taken as input to generate a key string. With the key string and plain-text encryption, the cipher text is generated finally.
When a WEP packet is sent, the IV used for packet encryption is also taken as a part of the packet header to be sent. If the
IV is generated with an insecure method, for example, repetitive IVs are frequently generated or even the same IV is always
generated, the shared key will be exposed easily. If a potential attacker obtains the shared key, it can control network
resources and pose a threat to network security.
The IDS prevents this attack by identifying the IV of each WEP packet. When a packet with a weak IV is detected, the IDS
immediately determines that this is vulnerability and logs this detected result.
2.3.3 User Isolation
Because of the mobility and uncertainty of STAs, STA information privacy appears to be particularly important in some
occasions (especially public areas). Therefore, direct STA communication should be restricted. The user isolation technology
can avoid insecure access between STAs in WLAN coverage (e.g., via online neighborhood), so as to prevent private
information from being stolen by others.
User isolation isolates STAs, and prevents them from accessing each other without affecting their normal network access,
guaranteeing service security. The layer-2 user isolation has the following two types:
To Next Page
Loading...
Need help?
General
