Configuration Guide Configuring WIDS
AP-based user isolation
AP-SSID based user isolation
Working Principle
AP-Based User Isolation
Layer-2 STAs associated with the same AP cannot communicate directly with each other.
AP-SSID based User Isolation
STAs in the same WLAN that are associated with the same AP cannot communicate directly with each other.
2.3.4 Rogue Detection and Containment
Network devices are usually divided into two types: illegal (Rogue) and legal. Rogue devices may have vulnerabilities
that can be attacked or manipulated, and therefore pose a serious threat to network security. The Rogue detection function
monitors abnormal devices across the whole WLAN, helping the network administrator find hidden dangers in the network.
Rogue detection applies to several kinds of Rogue devices in a WLAN: APs, clients, wireless bridges, and Ad-hoc devices.
Currently, only detection of Rogue APs, Ad-hoc devices, and unknown STAs is supported.
Rogue device containment counters Rogue devices by sending fake deauthentication frames to the addresses of Rogue
devices, so as to prevent STAs from accessing illegal services and illegal STAs from accessing the devices.
Working Principle
Rogue Detection
Rogue detection is performed by an AP in Monitor mode or Hybrid mode. WIDS captures wireless packets in the air by
deploying some APs in the WLAN and setting them to operate in Monitor or Hybrid mode. By analyzing the monitored
wireless packets and collecting statistics on them, the AP obtains information about Rogue devices. The network
administrator can also define illegal device detection rules to monitor abnormal devices across the whole WLAN.
Unknown STA Detection
The unknown STA detection function monitors probe request packets from STAs that have not accessed the network. The
network administrator can also specify information on unknown STAs through configuration.
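The detection step described above, as an added example (not the vendor's implementation): a classifier over raw 802.11 management frames such as a Monitor-mode AP would capture. The allowlists, label names, helper functions and sample frames are constructed assumptions.

```python
import struct

# Constructed allowlists; a real deployment takes these from its WIDS configuration.
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01"}
KNOWN_STAS = {"00:11:22:aa:bb:01"}
BEACON, PROBE_REQ = 8, 4          # 802.11 management frame subtypes
CAP_IBSS = 0x0002                 # capability bit set by ad-hoc (IBSS) beacons

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame: bytes):
    """Label one captured 802.11 frame (MAC header onward, no radiotap/FCS)."""
    if len(frame) < 24:                       # shorter than a management header
        return ("malformed", None)
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    src, bssid = mac(frame[10:16]), mac(frame[16:22])
    if ftype != 0:                            # only management frames matter here
        return ("ignored", src)
    if subtype == BEACON:
        if len(frame) < 36:                   # timestamp(8)+interval(2)+capability(2)
            return ("malformed", src)
        (cap,) = struct.unpack_from("<H", frame, 34)
        if cap & CAP_IBSS:
            return ("adhoc", src)
        return ("authorized_ap" if bssid in AUTHORIZED_BSSIDS else "rogue_ap", bssid)
    if subtype == PROBE_REQ:                  # STA scanning, not yet associated
        return ("known_sta" if src in KNOWN_STAS else "unknown_sta", src)
    return ("ignored", src)

def build_mgmt(subtype: int, sa: str, bssid: str, cap=None) -> bytes:
    """Construct a sample frame for the demo (not a capture)."""
    to_raw = lambda m: bytes.fromhex(m.replace(":", ""))
    hdr = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + to_raw(sa) + to_raw(bssid) + b"\x00\x00"
    body = b"" if cap is None else b"\x00" * 8 + struct.pack("<HH", 100, cap)
    return hdr + body

SAMPLES = [  # constructed frames, one per device class named in this section
    build_mgmt(BEACON, "00:11:22:33:44:01", "00:11:22:33:44:01", cap=0x0001),
    build_mgmt(BEACON, "00:11:22:99:99:01", "00:11:22:99:99:01", cap=0x0001),
    build_mgmt(BEACON, "02:00:00:00:00:09", "02:aa:bb:cc:dd:ee", cap=CAP_IBSS),
    build_mgmt(PROBE_REQ, "00:11:22:aa:bb:01", "ff:ff:ff:ff:ff:ff"),
    build_mgmt(PROBE_REQ, "02:00:00:00:00:42", "ff:ff:ff:ff:ff:ff"),
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(classify(f))
```

Matching on BSSID and source MAC alone is the simplest rule; both values are sender-controlled, so a match against the allowlist is a starting point for investigation rather than proof of legitimacy.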
Rogue Containment
Rogue containment is a service that sends simulated (fake) broadcast deauthentication packets to contain Rogue devices
that meet the containment mode rules, preventing normal STAs from accessing Rogue devices.
Unknown STA Containment
Unknown STA containment denies access to unknown STAs by directly constructing deauthentication packets.