Dell W-Series 277 Instant 6.5.1.0-4.3.1.0 User Guide - Page 328
Intrusion Detection, Detecting and Classifying Rogue W-IAPs, OS Fingerprinting,
View all Dell W-Series 277 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 328 highlights
Chapter 27 Intrusion Detection The Intrusion Detection System (IDS) is a feature that monitors the network for the presence of unauthorized W-IAPs and clients. It also logs information about the unauthorized W-IAPs and clients, and generates reports based on the logged information. The IDS feature in the Instant network enables you to detect rogue W-IAPs, interfering W-IAPs, and other devices that can potentially disrupt network operations. This chapter describes the following procedures: l Detecting and Classifying Rogue W-IAPs on page 328 l OS Fingerprinting on page 328 l Configuring Wireless Intrusion Protection and Detection Levels on page 329 l Configuring IDS on page 334 Detecting and Classifying Rogue W-IAPs A rogue W-IAP is an unauthorized W-IAP plugged into the wired side of the network. An interfering W-IAP is an W-IAP seen in the RF environment but it is not connected to the wired network. While the interfering W-IAP can potentially cause RF interference, it is not considered a direct security threat, because it is not connected to the wired network. However, an interfering W-IAP may be reclassified as a rogue W-IAP. To detect the rogue W-IAPs, click the IDS link in the Instant main window. The built-in IDS scans for access points that are not controlled by the VC. These are listed and classified as either Interfering or Rogue, depending on whether they are on a foreign network or your network. Figure 95 Intrusion Detection OS Fingerprinting The OS Fingerprinting feature gathers information about the client that is connected to the Instant network to find the operating system that the client is running on. The following is a list of advantages of this feature: l Identifying rogue clients-Helps to identify clients that are running on forbidden operating systems. l Identifying outdated operating systems-Helps to locate outdated and unexpected OS in the company network. l Locating and patching vulnerable operating systems-Assists in locating and patching specific operating system versions on the network that have known vulnerabilities, thereby securing the company network. OS Fingerprinting is enabled in the Instant network by default. The following operating systems are identified by Instant: Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide Intrusion Detection | 328