13
BlueSecure™ Controller Setup and Administration Guide
RF Intrusion Detection and Containment
The BSC detects and protects against rogue devices, ad-hoc networks, and a
large number of WLAN Denial of Service (DoS) and spoofing attacks.
The BSC provides RF intrusion detection by analyzing the data collected from
its BSAPs operating in dual AP/sensor mode or sensor-only mode to detect
attacks, vulnerabilities, and rogue devices in the RF space.
Should a rogue AP or client be discovered, the BSC configures the BSAP
nearest the rogue device to initiate containment using 802.11 de-authentication
and/or disassociation messages. Up to five BSAPs can participate in the
containment if range permits. The BSAPs participating in the RF containment
remain online for wireless access during the containment period.
All RF IDS alarms issued by a BSAP automatically generate a corresponding
SNMP trap message and syslog message.
This chapter provides complete procedures for your configuring RF intrusion
and containment on the BSC and includes:
•
Identifying Authorized RF Stations on Your Network
•
Configuring RF Alarms
•
Configuring Manual Containment
•
Configuring Autocontainment
13-1