FATAP and Cloud AP V200R009C00 Web-based Configuration Guide

Example for Configuring WIDS/WIPS


Service Requirements

Because a WLAN is an open medium, it is exposed to security risks. If an attacker deploys an AP with the SSID huawei on the network to impersonate an authorized AP, STAs may associate with the rogue AP. Wireless terminals may also attack the WLAN, for example by trying to crack the WPA2-PSK key or by launching flood attacks against the authorized AP. WIDS and WIPS need to be configured on the AP to detect rogue APs and attacking terminals.

Networking Requirements

  • DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to STAs.
Figure 2-11  WIDS/WIPS networking

Data Preparation

Item: Data

Radio 0:

  • Device detection and rogue device containment on radio 0: enabled

  • Attack detection type on radio 0: Flood and WPA2-PSK

WIDS and WIPS parameters:

  • Rogue device containment mode: containing rogue APs using spoofing SSIDs

  • Flood attack: More than 300 management packets of the same type are received within 60 seconds.

  • WPA2-PSK brute force password cracking: An incorrect key is entered more than 20 times during WPA2-PSK authentication within 60 seconds.

  • Dynamic blacklist: enabled

Dynamic blacklist aging time: 200 seconds

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure wireless services on the AP. For details, see Example for Configuring Fat AP Layer 2 Networking.
  2. Configure WIDS and WIPS to detect and contain rogue APs and prevent STAs from associating with the rogue APs. Add attacking devices to the dynamic blacklist so that the APs discard packets from the attacking devices.
  3. Verify the configuration.
NOTE:

In this example, the authorized APs work in normal mode and have the detection function enabled. In addition to transmitting WLAN service data, the AP radios also perform monitoring. This may cause a transient increase in WLAN service latency, which does not affect network access. However, if any latency-sensitive service (such as videoconferencing) is running, it is recommended that a separate radio be used for air scan.

The following example configures WIDS and WIPS on radio 0. The configuration on radio 1 is similar.

Procedure

  1. Enable WIDS and WIPS.
    1. Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0 page is displayed.
    2. Click Radio Management. The configuration page of radio 0 is displayed.
    3. Enable device detection, rogue device containment, flood attack detection, and WPA2-PSK attack detection.



    4. Click Apply. In the Info dialog box that is displayed, click OK.
  2. Set parameters related to WIDS and WIPS.
    1. Choose Configuration > Security > WIDS > Global Settings. The Global Settings page is displayed.
    2. Set the rogue device containment mode and parameters for detection of brute force key cracking attacks and flood attacks, and enable the dynamic blacklist function.



    3. Click Apply. In the Info dialog box that is displayed, click OK.
  3. Set the aging time of the dynamic blacklist.
    1. Choose Configuration > WLAN Service > Basic Config > STA Blacklist And Whitelist.
    2. Set Dynamic blacklist aging time to 200 seconds.
    3. Click Apply. In the Info dialog box that is displayed, click OK.
  4. Verify the configuration.
    1. Choose Configuration > Security > WIDS.
    2. Check information about detected rogue devices on the Rogue Device tab page.
    3. Check statistics on all detected attacks on the Attack Statistics tab page.
    4. Check detailed information about attacks on the Attack Records tab page.
    5. Check information about attack devices in the blacklist on the Dynamic Blacklist tab page.
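
The thresholds and aging time configured in this example can be reasoned about with a small model of the detection logic. This is an added example, not Huawei's implementation and not part of the original guide; it assumes counters are kept per source MAC and event type over a sliding 60-second window, and the names WidsModel, observe, and psk_fail are hypothetical.

```python
from collections import defaultdict, deque

# Values from the Data Preparation table on this page.
FLOOD_THRESHOLD = 300     # management frames of the same type
BRUTE_THRESHOLD = 20      # incorrect WPA2-PSK key attempts
WINDOW = 60               # detection window in seconds
BLACKLIST_AGING = 200     # dynamic blacklist aging time in seconds


class WidsModel:
    """Hypothetical model: sliding-window counters and an aging blacklist."""

    def __init__(self):
        self.events = defaultdict(deque)   # (mac, kind) -> timestamps in window
        self.blacklist = {}                # mac -> time at which the entry ages out
        self.records = []                  # (time, mac, attack) attack records

    def is_blacklisted(self, mac, now):
        expiry = self.blacklist.get(mac)
        if expiry is not None and now >= expiry:
            del self.blacklist[mac]        # aging time elapsed, entry removed
            return False
        return expiry is not None

    def observe(self, now, mac, kind):
        """Feed one event: a management frame type such as 'auth', or
        'psk_fail' for an incorrect key. Returns False if it is discarded."""
        if self.is_blacklisted(mac, now):
            return False
        window = self.events[(mac, kind)]
        window.append(now)
        while window and window[0] <= now - WINDOW:
            window.popleft()               # forget events older than the window
        brute = kind == "psk_fail"
        if len(window) > (BRUTE_THRESHOLD if brute else FLOOD_THRESHOLD):
            attack = "wpa2-psk brute force" if brute else kind + " flood"
            self.records.append((now, mac, attack))
            self.blacklist[mac] = now + BLACKLIST_AGING
            window.clear()
        return True


def demo():
    """Constructed input: one STA enters a wrong key 21 times in 21 seconds."""
    wids = WidsModel()
    for t in range(21):
        wids.observe(t, "02:00:00:00:00:01", "psk_fail")   # constructed MAC
    return wids.records, wids.blacklist
```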
Updated: 2019-04-18

Document ID: EDOC1100035626
