D-Link DWC-1000 User Manual page 300

Wireless Controller
User Manual
connectivity. Since some of the work is done by access points, the controller needs
to send messages to the APs to modify their WIDS operational properties.
Administrator configured rogue AP: If the source MAC address is in the valid-AP
database on the controller or on the RADIUS server and the AP type is marked as
Rogue, then the AP state is Rogue.
Managed SSID from an unknown AP: This test checks whether an unknown AP is
using the managed network SSID. A hacker may set up an AP with the managed SSID to
fool users into associating with the AP and revealing passwords and other secure
information. Administrators with large networks who are using multiple clusters
should either use different network names in each cluster or disable this test.
Otherwise, if an AP in the first cluster detects APs in the second cluster transmitting
the same SSID as APs in the first cluster, then these APs are reported as rogues.
Managed SSID from a fake managed AP: A hacker may set up an AP with the same
MAC address as one of the managed APs and configure it to send one of the managed
SSIDs. This test checks for a vendor field in the beacons which is always transmitted
by managed APs. If the vendor field is not present, then the AP is identified as a fake
AP.
AP without an SSID: SSID is an optional field in beacon frames. To avoid detection,
a hacker may set up an AP with the managed network SSID, but disable SSID
transmission in the beacon frames. The AP would still send probe responses to clients
that send probe requests for the managed SSID, fooling the clients into associating
with the hacker's AP. This test detects and flags APs that transmit beacons without
the SSID field. The test is automatically disabled if any of the radios in the profiles
are configured not to send the SSID field, which is not recommended because it does not
provide any real security and disables this test.
Fake managed AP on an invalid channel: This test detects rogue APs that transmit
beacons from the source MAC address of one of the managed APs, but on a different
channel from the one on which the AP is supposed to be operating.
Managed SSID detected with incorrect security: During RF Scan, the AP examines
beacon frames received from other APs and determines whether the detected AP is
advertising an open network, WEP, or WPA. If the SSID reported in the RF Scan is
one of the managed networks and its configured security does not match the detected
security, then this test marks the AP as rogue.
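
The six tests above can be read as one rule set applied to every beacon seen during RF Scan. The following Python is an added example, not D-Link's code: the record fields, the test names, the sample valid-AP database and the sample beacons are all assumptions constructed for illustration.

```python
# Added illustration; field names and the record layout are assumptions,
# not the DWC-1000's internal data model.
VALID_APS = {  # constructed valid-AP database: MAC -> type and assigned channel
    "00:11:22:33:44:01": {"type": "managed", "channel": 6},
    "00:11:22:33:44:99": {"type": "rogue", "channel": 11},
}
MANAGED_SSIDS = {"corp": "wpa"}  # constructed: managed SSID -> configured security
SAMPLES = [  # constructed RF Scan observations (ssid None = no SSID field)
    {"mac": "00:11:22:33:44:01", "ssid": "corp", "channel": 6, "security": "wpa", "vendor_field": True},
    {"mac": "66:77:88:99:aa:bb", "ssid": "corp", "channel": 6, "security": "open", "vendor_field": False},
    {"mac": "00:11:22:33:44:01", "ssid": "corp", "channel": 1, "security": "wpa", "vendor_field": False},
    {"mac": "66:77:88:99:aa:cc", "ssid": None, "channel": 6, "security": "open", "vendor_field": False},
]


def classify(beacon, valid_aps=VALID_APS, ssids=MANAGED_SSIDS,
             profiles_hide_ssid=False, multi_cluster=False):
    """Return the names of the rogue tests that a scanned beacon triggers."""
    hits = []
    entry = valid_aps.get(beacon["mac"])
    managed = entry is not None and entry["type"] == "managed"
    ssid = beacon.get("ssid")

    if entry is not None and entry["type"] == "rogue":
        hits.append("admin-configured-rogue")
    # Turned off when several clusters share one network name (see text).
    if entry is None and ssid in ssids and not multi_cluster:
        hits.append("managed-ssid-unknown-ap")
    # A managed MAC sending a managed SSID must carry the vendor field.
    if managed and ssid in ssids and not beacon.get("vendor_field"):
        hits.append("fake-managed-ap")
    # Automatically disabled if any profile radio suppresses the SSID field.
    if ssid is None and not profiles_hide_ssid:
        hits.append("no-ssid")
    if managed and beacon["channel"] != entry["channel"]:
        hits.append("fake-managed-ap-invalid-channel")
    if ssid in ssids and beacon["security"] != ssids[ssid]:
        hits.append("managed-ssid-incorrect-security")
    return hits


if __name__ == "__main__":
    for b in SAMPLES:
        print(b["mac"], b["ssid"], classify(b) or "no test triggered")
```

The `profiles_hide_ssid` and `multi_cluster` switches model the two cases in which the text says a test is disabled: any profile radio configured not to send the SSID field, and multiple clusters sharing one network name.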