D-Link DWC-1000 User Manual - Page 286

WIDS Configuration



Wireless Controller User Manual
Known Client: Enable this field to include the Known Client Database in the configuration that the controller pushes to its peers.

RADIUS Client: Enable this field to include the Client RADIUS information in the configuration that the controller pushes to its peers.

11.5 WIDS Configuration

The D-Link Wireless Controller Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless network and take automatic actions to protect the network.

11.5.1 WIDS AP Configuration

Advanced > WIDS Security > AP

The WIDS AP Configuration page allows you to activate or deactivate various threat detection tests and set threat detection thresholds in order to help detect rogue APs on the wireless network. These changes can be made without disrupting network connectivity. Since some of the work is done by access points, the controller needs to send messages to the APs to modify their WIDS operational properties.

Administrator configured rogue AP: If the source MAC address is in the valid AP database on the controller or on the RADIUS server and the AP type is marked as Rogue, then the AP state is Rogue.

Managed SSID from an unknown AP: This test checks whether an unknown AP is using the managed network SSID. A hacker may set up an AP with the managed SSID to fool users into associating with the AP and revealing passwords and other secure information. Administrators with large networks who are using multiple clusters should either use different network names in each cluster or disable this test. Otherwise, if an AP in the first cluster detects APs in the second cluster transmitting the same SSID as APs in the first cluster, then these APs are reported as rogues.
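
The two tests above and the multi-cluster caveat can be modeled as follows. This is an added example, not D-Link's firmware logic or code from the manual. The MAC addresses, SSIDs, the "Known"/"Unknown" labels, the function names and the order in which the tests run are assumptions, and the valid AP database is modeled as a local dictionary only (no RADIUS lookup).

```python
# Added illustration of the two WIDS AP tests; not D-Link firmware logic.
# All MACs, SSIDs and the "Known"/"Unknown" labels are constructed assumptions.

def classify(bssid, ssid, valid_ap_db, managed_macs, managed_ssids,
             ssid_test_enabled=True):
    """Return (state, reason) for one detected AP as seen from one cluster."""
    mac = bssid.lower()
    # Test 1: the MAC is in the valid AP database with AP type marked Rogue.
    if valid_ap_db.get(mac) == "rogue":
        return "Rogue", "administrator configured rogue AP"
    # APs this cluster manages, or lists with another type, are not unknown.
    if mac in managed_macs or mac in valid_ap_db:
        return "Known", ""
    # Test 2: an unknown AP is advertising one of the managed SSIDs.
    if ssid_test_enabled and ssid in managed_ssids:
        return "Rogue", "managed SSID from an unknown AP"
    return "Unknown", ""


def cluster_view(detected, valid_ap_db, managed, ssid_test_enabled=True):
    """Classify every detected (bssid, ssid) pair from one cluster's viewpoint."""
    managed_macs = {m.lower() for m in managed}
    managed_ssids = set(managed.values())
    return {b: classify(b, s, valid_ap_db, managed_macs, managed_ssids,
                        ssid_test_enabled)[0] for b, s in detected}


# Constructed sample data: cluster 1's managed APs and what its radios detect.
CLUSTER1 = {"02:00:00:00:01:01": "corp-wifi", "02:00:00:00:01:02": "corp-wifi"}
VALID_AP_DB = {"02:00:00:00:09:09": "rogue"}  # marked Rogue by the admin
DETECTED = [
    ("02:00:00:00:01:02", "corp-wifi"),    # cluster 1's own AP
    ("02:00:00:00:02:01", "corp-wifi"),    # cluster 2 AP sharing the SSID
    ("02:00:00:00:66:66", "corp-wifi"),    # unknown AP copying the SSID
    ("02:00:00:00:09:09", "guest"),        # listed in the database as Rogue
    ("02:00:00:00:77:77", "coffee-shop"),  # unrelated neighbour network
]

if __name__ == "__main__":
    for label, enabled in (("test enabled", True), ("test disabled", False)):
        print(label, cluster_view(DETECTED, VALID_AP_DB, CLUSTER1, enabled))
```

With the test enabled, the cluster 2 AP is reported as Rogue alongside the genuine SSID copy; disabling the test clears that false positive but also stops flagging the copy, which is why using a different network name per cluster is the option that keeps detection.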