Wireless Ips (Wips) - Motorola Solutions WiNG 5.2.6 Reference Manual

7 - 20 WiNG 5.2.6 Access Point System Reference Guide

7.2 Wireless IPS (WIPS)

The access point supports Wireless Intrusion Protection Systems (WIPS) to provide continuous protection against
wireless threats and act as an additional layer of security complementing wireless VPNs and encryption and
authentication policies. An access point supports WIPS through the use of dedicated sensor devices designed to
actively detect and locate unauthorized AP devices. After detection, they use mitigation techniques to block the
devices by manual termination, air lockdown, or port suppression.
Unauthorized APs are untrusted and unsanctioned access points connected to a LAN that accept client associations.
They can be deployed for illegal wireless access to a corporate network, implanted with malicious intent by an
attacker, or could just be misconfigured access points that do not adhere to corporate policies. An attacker can install
a unauthorized AP with the same ESSID as the authorized WLAN, causing a nearby client to associate to it. The
unauthorized AP can then steal user credentials from the client, launch a man-in-the middle attack or take control of
wireless clients to launch denial-of-service attacks.
A WIPS server can be deployed as a dedicated solution within a separate enclosure. When used with associated
access point radios, a WIPS deployment provides the following enterprise class security management features:
• Threat Detection - Threat detection is central to a wireless security solution. Threat detection must be robust
enough to correctly detect threats and swiftly help protect the wireless network.
• Rogue Detection and Segregation - A WIPS supported network distinguishes itself by both identifying and
categorizing nearby APs. WIPS identifies threatening versus non-threatening APs by segregating APs attached to
the network (unauthorized APs) from those not attached to the network (neighboring APs). The correct
classification of potential threats is critical for administrators to act promptly against rogues and not invest in a
manual search of thousands of neighboring APs.
• Locationing - Administrators can define the location of wireless clients as they move throughout a site. This
allows for the removal of potential rogues though the identification and removal of their connected access points.
• WEP Cloaking - WEP Cloaking protects organizations using the Wired Equivalent Privacy (WEP) security standard
to protect networks from common attempts used to crack encryption keys.
To define an access point's WIPS configuration:
1. Select Configuration
The Wireless IPS
NOTE: WIPS is not supported natively by an AP-6511 or AP-6521 model access point and
must be deployed using an external WIPS server resource.
> Security > Wireless IPS.
screen displays the Settings tab by default.