ProSafe Premium 3 x 3
Table 24. IDS/IPS policies and policy rules (continued)
Policy | Description | Policy Rule | |
|
| Threshold | Notification |
|
|
|
|
RF jamming attack | • Attack. Multiple RF transmissions (100 or more) are sent to the | 100 | Trap |
| wireless access point, jamming the radio frequency. |
|
|
| • Result. Wireless service is disrupted. |
|
|
| Note: The IDS detects this attack, but the IPS does not take action |
|
|
| against this attack. |
|
|
Virtual carrier attack | • Attack. Multiple frames (60 or more) with a large duration value | 60 | Trap |
| are sent to the wireless access point. |
|
|
| • Result. Wireless service is disrupted. |
|
|
| • Solution. The wireless access point sends a channel change |
|
|
| frame to the legitimate clients and uses automatic channel |
|
|
| selection to switch to a new clear channel. |
|
|
|
|
|
|
MAC spoofing | • Attack. Several frames (3 or more) that contain the spoofed | 3 | Trap |
| MAC address of the wireless access point itself or the spoofed |
|
|
| MAC address of a legitimate client are sent to the wireless |
|
|
| access point. |
|
|
| • Result. Wireless security might be compromised. |
|
|
| Note: The IDS detects MAC spoofing, but the IPS does not take |
|
|
| action against MAC spoofing. |
|
|
|
|
|
|
Rogue AP detection | • Detection. A wireless access point is not in the managed AP | 0 | Trap |
| list (see View and Save Access Point Lists on page 87) and is |
|
|
| not connected to the secured wireless or wired network. |
|
|
| • Result. Wireless security might be compromised. |
|
|
| Note: The IDS detects rogue APs, but the IPS does not take action |
|
|
| against rogue APs. For information about how to exclude rogue APs |
|
|
| from your network, see Enable Rogue AP Detection and Monitor |
|
|
| Access Points on page 85. |
|
|
|
|
|
|
• Detection. A group of wireless access points are part of an | 0 | Trap | |
detected | ad hoc network that might broadcast the same SSID as the |
|
|
| secured wireless network. |
|
|
| • Result. Wireless security might be compromised. |
|
|
| Note: The IDS detects ad hoc networks, but the IPS does not take |
|
|
| action against ad hoc networks. |
|
|
|
|
|
|
• Detection. A group of wireless access points are part of an | 0 | Trap | |
wired connectivity | ad hoc network that has a wired connection and that might |
|
|
| broadcast the same SSID as the secured wireless network. |
|
|
| • Result. Wireless security might be compromised. |
|
|
| Note: The IDS detects ad hoc networks, but the IPS does not take |
|
|
| action against ad hoc networks. |
|
|
|
|
|
|
Management and Monitoring
92
