Detecting Rogue APs

The most important WIP functionality is the ability to classify an AP as a potential security threat. An AP is considered to be a rogue AP if it is both unauthorized and plugged into the wired side of the network. An AP is considered to be an interfering AP if it is seen in the RF environment but is not connected to the wired network.

While the interfering AP can potentially cause RF interference, it is not considered a direct security threat since it is not connected to the wired network. However, an interfering AP may be reclassified as a rogue AP.

Understanding Classification Terminology

APs and clients are discovered during scanning of the wireless medium, and they are classified into various groups. The AP and client classification definitions are in Table 103 and Table 104.

Table 103: AP Classification Definition

Classification

Description

Valid AP

An AP that is part of the enterprise providing WLAN service.

 

 

Interfering AP

An AP that is seen in the RF environment but is not connected to the wired network. An

 

interfering AP is not considered a direct security threat since it is not connected to the wired

 

network. For example, an interfering AP can be an AP that belongs to a neighboring office’s

 

WLAN but is not part of your WLAN network.

 

 

Neighbor AP

A neighboring AP is when the BSSIDs are known. Once classified, a neighboring AP does not

 

change its state.

 

 

Rogue AP

An unauthorized AP that is plugged into the wired side of the network.

 

 

Suspected-Rogue AP

A suspected rogue AP is an unauthorized AP that may be plugged into the wired side of the

 

network.

Manually-contained AP

An AP for which DoS is enabled manually.

Table 104: Client Classification Definitions

Classification

Valid Client

Description

Any client that successfully authenticates with a valid AP and passes encrypted traffic is classified as a valid client.

Manually-contained Client

Any clients for which DoS is enabled manually.

Interfering Client

A client associated to any AP and is not valid.

Understanding Classification Methodology

A discovered AP is classified as a rogue or a suspected rogue by the following methods:

Internal heuristics

AP classification rules

Manually by the user

The internal heuristics works by checking if the discovered AP is communicating with a wired device on the customer network. This is done by matching the MAC address of devices that are on the discovered AP’s network

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

Wireless Intrusion Prevention 368

Page 368
Image 368
Dell 6.2 manual Detecting Rogue APs, Understanding Classification Terminology, Understanding Classification Methodology

6.2 specifications

Dell 6.2 is an advanced enterprise solution that caters to the needs of businesses seeking robust performance and efficiency. As a part of Dell's commitment to innovation, the 6.2 series combines cutting-edge technologies and features that enhance productivity and deliver reliable computing experiences.

One of the standout features of the Dell 6.2 is its impressive processing power. Equipped with the latest Intel processors, it offers exceptional speed and multitasking capabilities. This allows businesses to run demanding applications effortlessly, making it ideal for data-intensive tasks such as data analysis, software development, and virtualization. The series also supports substantial RAM configurations, enabling users to manage extensive workloads without experiencing slowdowns.

In terms of storage, the Dell 6.2 line includes advanced SSD options that significantly boost data access speeds compared to traditional hard drives. This rapid access to information is vital for businesses that require quick retrieval of large datasets. Furthermore, the devices support RAID configurations, which enhances data redundancy and security, protecting critical business information from loss.

Connectivity is another critical aspect of the Dell 6.2 series. It includes multiple USB ports, HDMI outputs, and high-speed Ethernet options, ensuring that users can easily connect to various peripherals and networks. The integration of Wi-Fi 6 technology enables faster wireless connections, resulting in improved internet speeds and bandwidth efficiency, which is crucial in today’s increasingly connected workplaces.

Dell has also prioritized security in the 6.2 series. It features enhanced biometric authentication and advanced encryption methods, safeguarding sensitive data from unauthorized access. Additionally, the system's BIOS protection and automatic updates provide an added layer of security, ensuring that the device remains safe from emerging threats.

The design of the Dell 6.2 is not only sleek and modern but also built for durability. Its robust chassis is engineered to withstand the rigors of daily use, making it suitable for various business environments. This durability ensures that the investment in Dell 6.2 will last for years while maintaining performance integrity.

In summary, the Dell 6.2 series embodies a blend of speed, storage efficiency, connectivity, and security, making it a top choice for enterprises looking to enhance their computing capabilities. With its modern features and durable design, Dell 6.2 is positioned as a reliable partner in driving business success.