Intrusion Prevention; Configuring A Wips Policy - Motorola AP-6511 Reference Manual

8.2 Intrusion Prevention

The AP-6511 supports Wireless Intrusion Protection Systems (WIPS) to provide continuous protection
against wireless threats and act as an additional layer of security complementing wireless VPNs and
encryption and authentication policies. An AP-6511 supports WIPS through the use of dedicated sensor
devices designed to actively detect and locate unauthorized AP devices. After detection, they use mitigation
techniques to block the devices by manual termination, air lockdown, or port suppression.
Unauthorized APs are untrusted and unsanctioned Access Points connected to a LAN that accept client
associations. They can be deployed for illegal wireless access to a corporate network, implanted with
malicious intent by an attacker, or could just be misconfigured Access Points that do not adhere to corporate
policies. An attacker can install a unauthorized AP with the same ESSID as the authorized WLAN, causing a
nearby client to associate to it. The unauthorized AP can then steal user credentials from the client, launch
a man-in-the middle attack or take control of wireless clients to launch denial-of-service attacks.
NOTE: WIPS support is not supported natively by an AP-6511 Access Point and must be
deployed using an external WIPS server resource.
A WIPS server can be deployed as a dedicated solution within a separate enclosure. When used with
associated Access Point radios, a WIPS deployment provides the following enterprise class security
management features:
• Threat Detection - Threat detection is central to a wireless security solution. Threat detection must be
robust enough to correctly detect threats and swiftly help protect the wireless network.
• Rogue Detection and Segregation - A WIPS supported network distinguishes itself by both identifying
and categorizing nearby APs. WIPS identifies threatening versus non-threatening APs by segregating APs
attached to the network (unauthorized APs) from those not attached to the network (neighboring APs).
The correct classification of potential threats is critical for administrators to act promptly against rogues
and not invest in a manual search of thousands of neighboring APs.
• Locationing - Administrators can define the location of wireless clients as they move throughout a site.
This allows for the removal of potential rogues though the identification and removal of their connected
Access Points.
• WEP Cloaking - WEP Cloaking protects organizations using the Wired Equivalent Privacy (WEP) security
standard to protect networks from common attempts used to crack encryption keys.

8.2.1 Configuring a WIPS Policy


Intrusion Prevention
To define a WIPS configuration:
1. Select Configuration
The Wireless IPS screen lists those WIPS policies created thus far. Any of these existing WIPS policies
can be selected and applied.
> Security > WIPS Policy
Security Configuration
8-13