WLAN Security Configuration; WLAN Security Overview; WIDS Attack Detection - H3C WA2612-AGN Web-Based Configuration Manual

WLAN security configuration

WLAN security overview

802.11 networks are susceptible to a wide array of threats such as unauthorized access points and clients,
ad hoc networks, and Denial of Service (DoS) attacks. To ensure security, the wireless intrusion detection
system (WIDS) is introduced. WIDS provides early detection of malicious attacks and intrusions on a
wireless network without affecting network performance, and provides real-time countermeasures.

WLAN security provides these features:

WIDS attack detection
Blacklist and white list

WIDS attack detection

The WIDS attack detection function detects intrusions or attacks on a WLAN, and informs the
network administrator of the attacks by recording information or sending logs. WIDS detection
supports detection of the following attacks:

Flood attack
Spoofing attack
Weak IV attack

Flood attack detection

A flood attack refers to the case where WLAN devices receive large volumes of frames of the same kind
from one device within a short span of time. When this occurs, the WLAN devices are overwhelmed with
frames from the flooding device, and frames from authorized clients get dropped.

WIDS attack detection counters this flood attack by constantly keeping track of the density of traffic
generated by each device. When this density exceeds the tolerance limit, the device is considered to be
flooding the network. Subsequent frames from this device are not processed. If the dynamic blacklist
feature is enabled, the detected device is added to the blacklist, and is forbidden to access the WLAN
for a period of time.

WIDS detects the following types of frames:

Authentication requests and de-authentication requests
Association requests, disassociation requests and reassociation requests
Probe requests
802.11 null data frames
802.11 action frames
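
The per-device density tracking and dynamic blacklist described above, as an added Python example that is not H3C code. The frame-kind labels, the limit of 5 frames per 1-second window and the 300-second blacklist lifetime are assumed values; the MAC addresses and frames are constructed sample input.

```python
from collections import defaultdict, deque

# Frame kinds the manual lists for flood detection (label strings are assumed).
TRACKED = {"auth", "deauth", "assoc", "disassoc", "reassoc",
           "probe-req", "null-data", "action"}

class FloodDetector:
    """Per-device, per-frame-kind density tracking with a dynamic blacklist."""
    def __init__(self, limit=5, window=1.0, lifetime=300.0, dynamic_blacklist=True):
        # limit, window and lifetime are assumed values, not H3C defaults.
        self.limit, self.window, self.lifetime = limit, window, lifetime
        self.dynamic_blacklist = dynamic_blacklist
        self.seen = defaultdict(deque)   # (mac, kind) -> recent timestamps
        self.blacklist = {}              # mac -> expiry time

    def process(self, ts, mac, kind):
        """Return 'accept' or 'drop' for one received frame."""
        expiry = self.blacklist.get(mac)
        if expiry is not None:
            if ts < expiry:
                return "drop"            # still blacklisted
            del self.blacklist[mac]      # entry aged out
        if kind not in TRACKED:
            return "accept"
        q = self.seen[(mac, kind)]
        q.append(ts)
        while ts - q[0] > self.window:
            q.popleft()                  # keep only frames inside the window
        if len(q) <= self.limit:
            return "accept"
        if self.dynamic_blacklist:       # density is over the tolerance limit
            self.blacklist[mac] = ts + self.lifetime
            q.clear()
        return "drop"

def replay(frames, **kw):
    det = FloodDetector(**kw)
    return [det.process(*f) for f in frames], det

# Constructed sample: one station floods probe requests while a client associates.
SAMPLE = sorted(
    [(i * 0.1, "00:11:22:33:44:55", "probe-req") for i in range(8)]
    + [(0.35, "66:77:88:99:aa:bb", "assoc"),
       (10.0, "00:11:22:33:44:55", "auth"),
       (400.0, "00:11:22:33:44:55", "auth")])

if __name__ == "__main__":
    for frame, verdict in zip(SAMPLE, replay(SAMPLE)[0]):
        print(frame, verdict)
```

With the dynamic blacklist on, the flooding station's later authentication request at 10 s is dropped even though it is a different frame kind; with `dynamic_blacklist=False` only frames of the kind that is over the limit are dropped.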

Spoofing attack detection

In this kind of attack, a potential attacker sends frames over the air on behalf of another device. For
instance, a client in a WLAN has been associated with an AP and works normally. In this case, a
spoofed de-authentication frame can cause the client to get de-authenticated from the network and can
affect the normal operation of the WLAN.