Table of Contents
Advertisement
Configuring Wireless Intrusion Prevention
Rogue Access Points
• SSID-Spoofing: These are rogue access points that are beaconing the same
SSID name as a ZoneDirector-managed access point. They pose a threat as
someone may be attempting to use them as a honey pot to attract your clients
into their network to attempt hacking or man-in-the-middle attacks to exploit
passwords and other sensitive data.
• Same-Network: These are rogue access points that are detected by other
access points as transmitting traffic on your internal network. They are detected
by ZoneDirector-managed access points seeing packets coming from a 'similar'
MAC address to one of those detected from an over the air rogue AP. Similar
MAC addresses are +-5 MAC address lower or higher than the detected over
the air MAC address.
• MAC-spoofing: These are rogue access points that are beaconing the same
MAC address as a ZoneDirector-managed access point. They pose a threat as
someone may be attempting to use them as a honey pot to attract your clients
into their network to attempt hacking or man-in-the-middle attacks to exploit
passwords and other sensitive data.
The last type of malicious rogue device is "User Marked." These are devices that
are manually marked as malicious rogues by a ZoneDirector administrator using the
Mark as Malicious button on the Monitor > Rogue Devices page.
To configure intrusion detection and prevention options:
1 In the Intrusion Detection and Prevention section, configure the following
settings:
• Enable report rogue devices: Enabling this check box allows ZoneDirector
to include rogue device detection in logs and email alarm event notifications.
-
Report all rogue devices: Send alerts for all rogue AP events.
-
Report only malicious rogue devices of type: Select which event types to
report.
• Protect the network from malicious rogue access points: Enable this
feature to automatically protect your network from network connected rogue
APs, SSID-spoofing APs and MAC-spoofing APs. When one of these rogue
APs is detected (and this check box is enabled), the Ruckus AP automatically
begins sending broadcast de-authentication messages spoofing the rogue's
BSSID (MAC) to prevent wireless clients from connecting to the malicious
rogue AP. This option is disabled by default.
2 Click the Apply button that is in the same section to save your changes.
126
Ruckus Wireless, Inc.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
