PRODUCT GUIDE Wireless Intrusion Prevention Systems

The Need for Wireless Intrusion Prevention Systems

A Wireless Intrusion Prevention System (WIPS) is designed to address two classes of challenges facing today's network manager.

First is the threat of uncontrolled wireless devices. Wireless is inside almost every organization, whether sanctioned by IT or not. One of the more dangerous forms this takes is the rogue AP, a standard Wi-Fi access point deployed by an employee or some other person outside the IT organization. When these rogue APs are connected to an enterprise network, they introduce security holes that may be exploited by an attacker. Another form of uncontrolled wireless is the Wi-Fi enabled laptop, PDA, or phone. Almost all laptops manufactured today include Wi-Fi built in, and the threat of end users misconfiguring these devices and compromising network security is very real. Some users may enable bridging between a wired network and a wireless network, while other users may form ad-hoc peer-to-peer Wi-Fi networks which may be intercepted by an intruder. All organizations, regardless of plans for general Wi-Fi deployment, should put measures in place to protect against uncontrolled wireless.

If a general Wi-Fi deployment is in place, a second class of challenges presents itself: detecting and defending against a wireless attacker. At a basic level, all wireless networks are vulnerable to denial-of-service attacks caused by jamming, flooding of traffic, or malicious manipulation of control and management network traffic. A WIPS can detect such attacks, localize them, and notify an administrator. Next, some types of Wi-Fi networks, particularly open networks or those based on WEP encryption, are vulnerable to a class of attacks such as impersonation, man-in-the-middle, and injection. A WIPS will detect and prevent these types of attacks.

Aruba's WIPS Product Offerings

Four major classifications of WIPS exist in the market:

  Wired Rogue Detection: Focused on scanning wired and wireless networking equipment to identify rogue APs. Does not use any wireless sensors of its own.

  On-demand systems: Offer portable, on-demand scanning and monitoring for situations where full-time monitoring is not required. Installed on a laptop.

  Overlay: Infrastructure (permanently installed) system that can enforce no-wireless policies or monitor and protect an already-installed WLAN through a network of sensors communicating with a central server. An overlay WIPS is not part of the WLAN access network, and thus can be used with any vendor's WLAN equipment.

  Integrated: Infrastructure (permanently installed) system that can enforce no-wireless policies or monitor and protect an installed WLAN. In an integrated system, the WIPS is part of the WLAN access network; APs can act as hybrid devices by simultaneously serving wireless clients while monitoring for WIPS events.

Of the architectures described above, Aruba Networks offers products in all four categories. Each solution offers industry-leading performance and features within its category.

WIRED ROGUE DETECTION

The software module is designed for organizations that do not have wall-to-wall coverage with RF sensors, but still need to defend their networks against rogue APs. automatically detects and locates unauthorized access points through a combination of wireless and wired network scans. First, the software can use existing authorized APs and wireless LAN controllers to scan the airspace for any unauthorized devices in range. Second, queries wired switches and routers, and scans the wired network to determine whether any unknown devices that are likely rogue APs are connected. Even without an installed wireless LAN, can ensure no rogue APs are on the network. can also be combined with an Aruba or other third-party Wireless Intrusion Prevention System to increase their joint effectiveness.

On-Demand

For occasional WIPS monitoring or on-demand scanning, Mobile delivers all the power of an infrastructure WIPS in a portable form factor.

Mobile

Mobile is a powerful, portable suite for vulnerability assessments, incident response and surveying. It is the industry's most complete wireless analysis tool to help design, maintain, and secure wireless networks. Running on a Windows-based laptop and designed for walk-around use, Mobile can be used for locating suspect devices, conducting security audits, site surveys and troubleshooting, whether a wireless LAN (WLAN) has been deployed or not. The Mobile system also helps organizations enforce both no wireless policies and WLAN security best practices, as well as ensure compliance with regulations and corporate security policies.

OVERLAY

is an infrastructure-based two-tier WIPS consisting of a network of sensors, built from Aruba's line of access points, and a centralized server running software. This powerful wireless security solution incorporates the industry's only Wireless Threat Protection Framework for complete threat detection, attack prevention, no wireless policy enforcement and compliance reporting inside the enterprise. secures your wireless network against intrusions that are perpetrated intentionally and from vulnerabilities caused unintentionally through misconfigured network equipment. The solution can be deployed standalone, with no wireless LAN present, or as an overlay to monitor any vendor's wireless LAN equipment.

Integrated

For organizations that have deployed wireless LAN access using Aruba mobility controllers, or for organizations who wish to enforce a no-wireless policy today but plan to enable wireless in the future, Aruba mobility controllers running include a built-in cost-effective WIPS solution. In this architecture, a network of access points is deployed to provide wireless monitoring coverage throughout a facility. Access points can be configured in dedicated air monitor mode where only scanning and WIPS functions are performed, or as hybrid APs that perform WIPS functions while simultaneously serving WLAN clients. is a modular operating system consisting of multiple licensed software packages. In the base operating system, performs rogue AP detection and containment.
With the addition of the Wireless Intrusion Prevention software module, the system is transformed into a full WIPS protecting against malicious attacks as well as misconfigured or uncontrolled wireless devices.

How to Choose

Each Aruba WIPS product contains industry-leading functionality within its category. The architecture of your wireless network will often help determine which product is right for your organization. Where portable, on-demand monitoring is needed, Mobile is the solution of choice. For infrastructure (permanently installed) systems, the following table presents a summary of the differences between each Aruba WIPS product.

Infrastructure WIPS Feature Table

Cost
  $
  $
  $$
  $$$

Scanning
  Scanning Type
    Wired
    All valid 802.11 channels
    All valid 802.11 channels
    TotalWatch
  Hybrid APs (Simultaneous WLAN access and WIP monitoring)

Rogue AP Detection
  Future release
  Rogue AP Detection
  Detection without APs or sensors deployed

Rogue AP Classification
  Comparing MAC addresses on wireless and wired
  Packet injection (Open and WEP rogues)
  Comparing MAC addresses with CAM tables from network switches

Rogue AP Containment Techniques
  Future release
  Wireless (De-auth method)
  Wireless (Tarpit method)
  Wired (SNMP-based shut down of wired switch port)
  Wired (wired laser beam)
  Future release

Intrusions / Events

Security - Vulnerability
  AP Broadcasting SSID
  AP is not using encryption
  AP is using default SSID

  AP is sending encrypted and unencrypted data
  Ad-hoc network operating
  Client is not using encryption
  Client is sending encrypted and unencrypted data
  Detected Soft AP
  Detected AP/Client State change
  NetBIOS Traffic
  Station is operating as Unauthorized type
  Station is using Weak WEP IVs

Security - Threat
  AP is using Hotspot SSID
  Authorized AP denied association
  Authorized AP denied authentication
  Client probing for any access point
  NetStumbler detected
  Unauthorized AP detected
  Unauthorized ad-hoc client detected
  Unauthorized client detected
  Wellenreiter detected

Security Attack - Intrusion
  AP channel change
  AP SSID changed
  ASLEAP attack detected
  Adhoc SSID same as authorized AP
  AirJack attack detected
  Airsnarf attack detected
  Aruba attack
  Broadcast Disassociation packet
  Broadcast deauthentication packet
  Client (authorized) connected to rogue AP
  Client (rogue) connected to authorized AP
  Constant traffic sent/received by rogue AP
  Fake AP operating
  Fake Client operating
  Fata-jack attack detected
  Fragmentation attack detected
  Hotspotter attack detected
  Improper broadcast packet
  Possible ARP Poison - IP hijack
  Possible ARP Poison - multi IP hijack
  Possible ARP Worm traffic
  Possible Aireplay WEP attack in use
  Possible IP Worm traffic
  Service VAN nearby
  Spoofed MAC address (1)
  Spurious traffic sent by AP
  Spurious traffic sent by client
  Station is using random MAC address (1)
  Suspected Evil Twin Attack
  Unauthorized AP using same SSID as Authorized AP
  WEPWedgie attack detected
  Wrong beacon channel number reported

  (1) Detected as sequence number anomaly

Security Attack - DOS
  AP Overloaded
  Association storm
  Authentication storm
  Deauthentication storm
  Disassociation storm
  Duration attack detected
  EAPOL Logoff storm
  EAPoL start storm
  Omerta attack
  RF Jamming detected
  Unmodified Omerta attack

Operational - Performance
  Channel with too many APs
  Channel with excessive errors
  Client rate support mismatch
  Station with excess retransmissions

Operational
  AP reported a problem to a client
  AP supports Multiple SSIDs
  Access Point restarted
  Authorized AP is down
  Client BSSID changed
  Client reported a problem to AP
  Client notified AP that it is leaving
  Constant traffic sent/received by authorized client
  New AP discovered
  New Ad-hoc client discovered
  New Client discovered
  Radar interference detected
  Turbocell detected
  WDS in Operation/Bridging

Advanced WIP features
  PolicyEnforce (Customized security policy creation and enforcement)
  User Defined Signatures
  Forensics Reporting
  Compliance Reporting - PCI
  Compliance Reporting - HIPAA
  Compliance Reporting - SOX
  Standard security reports
  Custom report generation

How to Order

The module is included at no extra charge in the Wireless Management Suite.

Mobility Software rogue AP detection and containment is enabled in the base operating system, without the need for additional software licenses. To enable full WIP functionality, install the appropriate WIP software licenses from the table below. A WIP license must be installed on each mobility controller in the network. WIP functionality is purchased according to the number of APs connected to the mobility controller.

The Aruba 200, 800, 2400, 6000-SC1, and 6000-SC2 mobility controllers are fixed-capacity systems; WIP licenses are purchased for the full capacity of the system. The Aruba 3000 series and 6000-M3 Multi-Service Mobility Controllers are variable-capacity systems that support different numbers of APs based on software licenses. For these systems, order enough WIP licenses to support the total licensed AP capacity of the system. For example, if the mobility controller is licensed for 128 campus-connected APs and 16 Remote APs, the WIP license capacity must equal at least 144.

The following licenses are only applicable for the Aruba 200, 800, 2400, 6000 SC-1, and 6000 SC-2 Mobility Controllers.

  Part number        Description
  LIC-200-WIP        A200 (6 AP License)
  LIC-804-WIP        A800-4 (4 AP License)
  LIC-800-WIP        A800-16 (16 AP License)
  804-UG-WIP-1       Upgrade LIC-804-WIP to LIC-800-WIP
  LIC-2400-WIP       A2400-48 (48 AP License)
  LIC-SC1-WIP-48     Aruba Supervisor Card I (48 AP)
  LIC-SC1-WIP        Aruba Supervisor Card I (128 AP)
  LIC-SC2-WIP        Aruba Supervisor Card II (256 AP)
  LIC-SC1-WIP-UG-1   Wireless Intrusion Protection for Sup. Card I (Upgrade 48 AP to 128 AP)

The following licenses are only applicable for the M3 and 3000 Series Multi-Service Mobility Controllers. The number of WIP licenses must be equal to the total licensed AP capacity of the mobility controller. Example: If the mobility controller is licensed for 128 campus-connected APs and 16 Remote APs, the WIP license capacity must equal at least 144.

  Part number        Description
  LIC-WIP-8          License (8 AP Support)
  LIC-WIP-16         License (16 AP Support)
  LIC-WIP-32         License (32 AP Support)
  LIC-WIP-64         License (64 AP Support)
  LIC-WIP-128        License (128 AP Support)
  LIC-WIP-256        License (256 AP Support)
  LIC-WIP-384        License (384 AP Support)
  LIC-WIP-512        License (512 AP Support)

is delivered as installable software on a CD-ROM. You will need a permanently installed server meeting the minimum system requirements (available in the datasheet) to run the software. is licensed according to the number of sensors it supports, with sensor licenses available in increments of one.

  Part number        Description
  RFP-1088-01-W      (Windows) - up to 1 sensor
  RFP-1088-10-W      (Windows) - up to 10 sensors
  RFP-1088-100-W     (Windows) - up to 100 sensors
  RFP-1088-01-L      (Linux) - up to 1 sensor
  RFP-1088-10-L      (Linux) - up to 10 sensors
  RFP-1088-100-L     (Linux) - up to 100 sensors
  LIC-RFP-1          RFProtect Expansion License - 1 sensor upgrade
  LIC-RFP-10         RFProtect Expansion License - 10 sensor upgrade
  LIC-RFP-100        RFProtect Expansion License - 100 sensor upgrade
  LIC-RFP-UL-1       Mobile Unlimited Sensor Expansion License for RFProtect Server

Mobile is distributed as installable software on a CD-ROM. You will need a laptop meeting the minimum system requirements (available in the Mobile datasheet) and with a supported Wireless LAN adapter.

  RFP-1012-6         RFProtect Mobile Software

www.arubanetworks.com
1344 Crossman Avenue. Sunnyvale, CA 94089
Tel. +1 408.227.4500 Fax. +1 408.227.4550

2008 Aruba Networks, Inc., Aruba Networks, Aruba Mobility Management System, Bluescanner, For Wireless That Works, Mobile Edge Architecture, People Move. Networks Must Follow, RFProtect, The All Wireless Workplace Is Now Open For Business, Green Island, and The Mobile Edge Company are trademarks of Aruba Networks, Inc. All rights reserved. All other trademarks are the property of their respective owners. PG_WIPS_US_080715