Wireless Ips (Wips) - Motorola WiNG 5.7.1 System Reference Manual

8.5 Wireless IPS (WIPS)

Security Configuration
The access point supports Wireless Intrusion Protection Systems (WIPS) to provide continuous protection against wireless
threats and act as an additional layer of security complementing wireless VPNs and encryption and authentication policies. An
access point supports WIPS through the use of dedicated sensor devices designed to actively detect and locate unauthorized
AP devices. After detection, they use mitigation techniques to block the devices by manual termination, air lockdown, or port
suppression.
Unauthorized APs are untrusted and unsanctioned access points connected to a LAN that accept client associations. They can
be deployed for illegal wireless access to a corporate network, implanted with malicious intent by an attacker, or could just be
misconfigured access points that do not adhere to corporate policies. An attacker can install a unauthorized AP with the same
ESSID as the authorized WLAN, causing a nearby client to associate to it. The unauthorized AP can then steal user credentials
from the client, launch a man-in-the middle attack or take control of wireless clients to launch denial-of-service attacks.
NOTE: WIPS is not supported natively by an AP6511 or AP6521 model access point and
must be deployed using an external WIPS server resource.
A WIPS server can be deployed as a dedicated solution within a separate enclosure. When used with associated access point
radios, a WIPS deployment provides the following enterprise class security management features:
• Threat Detection - Threat detection is central to a wireless security solution. Threat detection must be robust enough to
correctly detect threats and swiftly help protect the wireless network.
• Rogue Detection and Segregation - A WIPS supported network distinguishes itself by both identifying and categorizing
nearby access points. WIPS identifies threatening versus non-threatening access points by segregating access points
attached to the network (unauthorized APs) from those not attached to the network (neighboring access points). The correct
classification of potential threats is critical for administrators to act promptly against rogues and not invest in a manual
search of thousands of neighboring access points.
• Locationing - Administrators can define the location of wireless clients as they move throughout a site. This allows for the
removal of potential rogues though the identification and removal of their connected access points.
• WEP Cloaking - WEP Cloaking protects organizations using the Wired Equivalent Privacy (WEP) security standard to protect
networks from common attempts used to crack encryption keys.
To define an access point's WIPS configuration:
1. Select Configuration
2. Select Security
3. Select Wireless IPS
The Wireless IPS
tab from the Web user interface.
to display existing Wireless Intrusion Protection policy.
screen displays the Settings tab by default.
8 - 33