ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620

Configure Wireless Intrusion Detection and Prevention

Configure Wireless Intrusion Detection and Prevention Policy Settings

Configure Wireless Intrusion Detection and Prevention Mail Settings

Monitor Traps, Counters, and Ad Hoc Networks

Configure Wireless Intrusion Detection and Prevention Policy Settings

The wireless access point provides a wireless intrusion detection system (WIDS) and wireless intrusion prevention system (WIPS) to detect and mitigate wireless attacks. These intrusion systems are referred to as IDS/IPS.

If enabled, the IDS recognizes multiple types of wireless attacks, and the IPS automatically neutralizes many attacks. Attacks are covered by preconfigured policy rules. When an attack occurs, the wireless access point can notify a network administrator though an email.

The following table lists all IDS/IPS policies with their policy rules. Most of these policies provide protection against denial of service (DoS) attacks. You can enable or disable IDS/IPS policies, but both the policies and the policy rules are not configurable.

All thresholds are measured over a short period. For the IDS/IPS to send a notification according to the policy rule, you first need to configure the email settings (see Configure Wireless Intrusion Detection and Prevention Mail Settings on page 95).

Table 24. IDS/IPS policies and policy rules

Policy

Description

Policy Rule

 

 

Threshold

Notification

 

 

 

 

Authentication flood

Attack. Multiple authentication requests (5 or more) that use

5

Trap

 

spoofed MAC addresses of legitimate clients are sent to the

 

 

 

wireless access point.

 

 

 

Result. The client association table overflows, causing

 

 

 

authentication requests from legitimate clients to be denied.

 

 

 

Solution. The oldest clients that are stuck in the authentication

 

 

 

phase are removed from the table.

 

 

Association flood

Attack. Multiple association requests (5 or more) that use

5

Trap

 

spoofed MAC addresses of legitimate clients are sent to the

 

 

 

wireless access point.

 

 

 

Result. The client association table overflows, causing

 

 

 

association requests from legitimate clients to be denied.

 

 

 

Solution. The oldest associations are removed from the table.

 

 

Management and Monitoring

89

Page 89
Image 89
NETGEAR WNDAP620 manual Configure Wireless Intrusion Detection and Prevention, IDS/IPS policies and policy rules