Intrusion Detection Deployment Considerations - Motorola AP-6511 Reference Manual

Motorola Solutions AP-6511 Access Point System Reference Guide
22.Refer to
Client Threshold
Radio Threshold
23.Set a
radio association when responsible for triggering a WIPS event.
24.Refer to the
25.Select
saved configuration.

8.2.2 Intrusion Detection Deployment Considerations

Before configuring WIPS support, refer to the following deployment guidelines to ensure the configuration
is optimally effective:
• WIPS is best utilized when deployed in conjunction with a corporate or enterprise wireless security
policy. Since an organization's security goals vary, the security policy should document site specific
concerns. The WIPS system can then be modified to support and enforce these additional security
policies
• WIPS reporting tools can minimize dedicated administration time. Vulnerability and activity reports
should automatically run and be distributed to the appropriate administrators. These reports should
highlight areas to be to investigated and minimize the need for network monitoring.
• It's important to keep your WIPS system Firmware and Software up to date. A quarterly system audit can
ensure firmware and software versions are current.
• Only a trained wireless network administrator can determine the criteria used to authorize or ignore
devices. You may want to consider your organization's overall security policy and your tolerance for risk
versus users' need for network access. Some questions that may be useful in deciding how to classify a
device are:
• Does the device conform to any vendor requirements you have?
• What is the signal strength of the device? Is it likely the device is outside your physical radio coverage
area?
• Is the detected Access Point properly configured according to your organization's security policies?
• Motorola Solutions recommends trusted and known Access Points be added to an sanctioned AP list.
This will minimize the number of unsanctioned AP alarms received.
8-22
Thresholds field to set the thresholds used as filtering criteria.
Specify the threshold limit per client that, when exceeded, signals the
event. The configurable range is from 1 - 65,535.
Specify the threshold limit per radio that, when exceeded, signals the
event. The configurable range is from 1 - 65,535.
Filter Expiration between 1 - 86,400 seconds that specifies the duration a client is excluded from
Payload table to set a numerical index and offset for the WIPS signature.
OK to save the updates to the WIPS Signature configuration. Select Reset to revert to the last