Applications, Restrictions, Applications restrictions – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

524

Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Wireless IDS

C

Wireless Intrusion Detection Violations
As shown in table above, the RF Switch can detect numerous violations, each with a configurable
threshold for monitoring the specific violation on an MU, radio and switch. Each threshold defines
the number of violations that must occur within a globally configured detection window before an
alarm is generated and mitigation is performed.

In addition to a configurable threshold, each violation can also be configured with a specific
time-to-filter value which determines how long an MU will be blacklisted when a threshold is
reached. This allows the RF Switch to perform automatic mitigation against violations without
manual intervention from network administrators.

Applications

Integrated WIDS security features are intended for small, medium and large customer
deployments who require basic rogue AP detection, rogue AP containment and wireless intrusion
detection. The integrated security features can be deployed in any enterprise environment and
industry vertical to provide detection and mitigation from potential threats.

Restrictions

The integrated security features provide basic protection against unauthorized APs and wireless
threats. Additional protection can be provided by deploying the Brocade AirDefense Enterprise
solution, which is an industry leading Wireless IPS system that seamlessly integrates with Brocade
Mobility RFS7000-GR Controllers and access points.

With built-in forensic support and industry standard reports for PCI, HIPAA, Sarbanes-Oxley, GLBA,
FDIC and DOD, Brocade's Wireless Intrusion Protection System (WIPS) provides powerful tools for
standards compliance, as well as around-the-clock 802.11a/b/g wireless network security in a
distributed environment. It allows administrators to identify and accurately locate attacks, rogue
devices, and network vulnerabilities in real time and permits both wired and wireless lockdown of
wireless device connections.

The AirDefense System provides the following advanced features:

•

24x7 Dedicated Sensors - Real-time identification of hackers, attacks and system weak spots.

•

Historical Database - By storing and managing more than 270 data points per connection per
wireless device per minute, the product provides a highly accurate assessment of wireless
threats including anomalies and zero-day attacks. Allows viewing of events months later to
improve network security posture and assist in forensic investigations.

•

Forensic Support - Pertinent historical data supports advanced forensics such as time of
attack/breach, entry point used, length of exposure, systems compromised, device activity
logs and transfers of data.

Excessive EAP Start Frames

Frames with Non-Changing WEP IV

Null Destination

Detect Adhoc Networks

Same Source / Destination MAC

De-Authentication from Broadcast
Source MAC

Source Multicast MAC

Invalid Sequence Number

Excessive Probes

TKIP Countermeasures