User's Guide

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesWireless Security

1151

Table Of Contents

Table of Contents
Preface
- Conventions
  - Text Conventions
  - Terminology
- Providing Feedback
- Getting Help
- Documentation and Training
Introduction
- Scope of Documentation
Extreme AirDefense New User Experience
- Login to ADSP
  - Logout of AirDefense
- Download ADSP Toolkit
  - Download Toolkit from New User Interface
- Launch the Old User Interface
Dashboard
- View Dashboard
  - Set a Favorite Dashboard
- Create a Dashboard
- Manage Your Dashboard
- Delete the Dashboard
- Dashboard Widgets
Network View
- Network View - Network Snapshot
- Network Pane - Details View
Alarm View
- Object Missing
- Alarms - Details View
- Alarms Widget View
- Alarm Details List
Configuration
- Appliance Management
  - Appliance Settings
  - Backup / Restore Status
  - Certificate / Key Validation
    - Certificate Validation
    - Key Validation
  - Certificate Manager
  - Configuration Backup
  - Configuration Clear
  - Configuration Restore
  - Download Logs
    - Forensic and Log Backup
  - Language
  - Login / SSH Banners
  - Redundant Appliance Sync
- Structure Configuration
  - View And Manage Your Network Tree
  - Generate a Network Tree
  - Import the Network Tree
  - Floor Plans
- Auto-Placement Rules
  - View Auto-Placement Rules
  - Add an Auto-Placement Rule
  - Edit an Auto-Placement Rule
- Discovery Profile and Polling Configuration
  - Discovery Profile
  - Polling Configuration
    - Edit Polling Preferences
- Communication Profile
  - View Communication Profiles
  - Add a Communication Profile
  - Edit the Communication Profile
  - Delete Communication Profiles
- Security Profile
  - View Security Profile
  - Add a Security Profile
  - Edit a Security Profile
  - Delete a Security Profile
- Alarm Action Manager
  - View Alarm Action Manager Rule Set
  - Add Alarm Action Manager Rule Set
  - Edit Alarm Action Manager Rule Set
  - Delete Alarm Action Manager Rule Set
- Device Action Manager
  - View Device Action Manager Rule Set
  - Add a Device Action Manager Rule Set
  - Apply or Run the Device Action Manager Rule Sets
    - Apply Device Action Manager Rule Sets
    - Run Device Action Manager Rule Sets Manually
- Sensor Manager
  - Operation Tab
  - Settings Tab
- Alarm Configuration
- Wired Network Monitoring
- Performance Profile
  - View Performance Profile
  - Add Performance Profile
  - Apply Performance Profile
- Environment Monitoring
- Client Types
  - Manage Client Types
- Appliance Settings
- Device Age Out
- Configuration Backup
  - How Backups Work
  - View Backup Schedules
  - Scheduling Configuration Backup
- Forensic and Log Backup
  - Forensic Backup Configuration
  - Log Backup Configuration
- Configuration Restore
- Download Logs
  - Forensic and Log Backup
- Redundant Appliance Synchronization
  - How Synchronization Works
  - Synchronization Rules
  - _
  - Automatic Synchronization
  - Appliance Replacement Considerations
- Configuration Clear
- Language Settings
  - Change the Language
- License Management
  - Auto License Management
  - Add Licenses
  - Manage License Manually
- User Management
  - Manage User Accounts
  - User Group Management
  - User Profile Management
- Relay Server
  - Configure External Relay Server
  - Import Relay Servers
  - Internal Relay Server
- System Settings
  - Add System Log Server IP Address
System Overview
- AirDefense in Standalone Mode
- System Components
- System Requirements
- Version Compatibility for Upgrade
- Connecting to Hardware Appliance
- Configuring the Appliance
  - Add-On Modules
  - Hardware Dependencies
- System Configuration
- Selecting and Deploying APs and Sensors
- Connecting to the Network
- Assigning User Interfaces
- Basic Navigation
- Alarm Time Reporting
Extreme AirDefense on Virtual Platform
- Prerequisites
- Installing Extreme AirDefense 10.0 on VMware
- Install Extreme AirDefense on Xen Hypervisor
Menu
- Installing the Toolkit
- Open
  - Frame Capture Analysis
  - Spectrum Analysis
- Forensic Analysis-Basic
- Advanced Forensic Analysis
- Action Control
  - Action Control Table
  - Action Control Commands
- Reports
  - Web Reporting Interface
- Report Builder
- Connection Troubleshooting
- Scheduled AP Tests
  - Scheduled AP Test
    - On-demand AP Tests
    - AP Test License
- Scheduled Vulnerability Assessment
  - Scheduled Vulnerability Assessment
  - Vulnerability Assessment License
- Scheduled Events
  - Monitoring Scheduled Events
  - Altering Event Schedules
- Add Devices
- Import and Discovery
- Bluetooth Monitoring
AirDefense Dashboard
- The Dashboard
- Selecting Dashboard Scope
- Customizing Dashboard Views
  - View Customization
  - Draggable Components
- Dashboard Components
Network Tab
- Capabilities with a Central Management License
- Select-Network View
  - Show Menu
    - Viewing the Network
    - Types of Devices
  - Actions Menu
- Network Devices
- Association Tree
- Network Graph
- Network Filters
- Actions Menu
- Actions Descriptions
- Advanced Search
Alarms
- AirDefense Alarm Model
- Capabilities with a Central Management License
- Alarm Table
- Alarm Filters
- Alarm Categories and Criticality
  - Alarm Categories
  - Alarm Criticality
- Alarm Details
- Alarm Actions
Configuration Tab
- Search
- Appliance Platform
- Security & Compliance
- Network Assurance
- Infrastructure Management
- Operational Management
- Appliance Management
- Account Management
- Drop-down Menu Access
Security
- WIPS
- Planning Your Sensor Deployment
  - Deployment Considerations
- Physical and Electromagnetic Interference
  - Device Placement Considerations
- Planning Your Sensor Placement
- Sensor Monitoring
- Vulnerability Assessment
  - On-Demand Vulnerability Assessment
  - Scheduled Vulnerability Assessment
- WEP Cloaking
WLAN Management
- Infrastructure Management
- Operational Management
  - Pending State Audit
- Appliance Platform
  - Relay Server
  - Import Relay Server Information
Central Management Console
- Configuring Master/Slave Servers
  - Things to Remember
  - Sharing Certificates
- Adding a Slave Server
ADSPAdmin
- Accessing the ADSPadmin Console
- Manage System
- Manage the Database
- Software
- Configure AirDefense
Troubleshooting
- AP Testing
- Connection Troubleshooting
- Live RF
- Forensic RF
- Spectrum Analysis
- Advanced Spectrum Analysis
- Advanced Troubleshooting
- Assurance Suite (Network Assurance)
- Radio Share Network Assurance
- Customer Support
AirDefense Icons
- AirDefense Application Icons
- Wireless Client Icons
Legacy Content
- Menu
- AirDefense Dashboard
- Network Tab
- Alarms
- Configuration Tab
- Security
- WLAN Management
- Central Management Console
  - Configuring Master/Slave Servers
    - Things to Remember
    - Sharing Certificates
  - Adding a Slave Server
- ADSPAdmin
- Troubleshooting
- AirDefense Icons
  - AirDefense Application Icons
  - Wireless Client Icons
Glossary

wherever the feature is implemented. Synchronizing Accounts has a good example of how the

synchronization feature works.)

Note

You must have a Central Management license in order to use the Check Synchronization

feature.

Anomalous Behavior Alarms

Behavior Alarms track atypical device behavior based on a long term forensic baseline of devices at that

site. AirDefense utilizes the Forensic Datastore to monitor and store over 325 wireless statistics for each

device on a minute-by-minute basis. Statistical analysis is performed over 2 weeks of this historical data

to create a baseline of activity for devices. Events are generated when a device operates outside of its

normal behavior to alert the administrator of anomalous or suspicious behavior.

For example, consider a user device that has a wireless usage behavior baseline of basic web and email

access. A behavior event would be raised if this user then suddenly downloads signiﬁcant amount of

data after business hours, a time period when the station is not normally active. This anomalous

behavior could be indicative of a stolen or spoofed identity, or disgruntled employee that may be

downloading signiﬁcant amounts of conﬁdential and/or proprietary information. Behavior Alarms are

broken down into the following two sub-types:

• BSS Abnormal Activity - Anomalous behavior events speciﬁc to BSSs.

• Wireless Client Abnormal Behavior - Anomalous behavior events speciﬁc to Wireless Clients.

Alarm Library

To view a list of Behavior Alarms for each alarm sub-type, go to Conﬁguration > Operational

Management > Alarm Conﬁguration, open Anomalous Behavior, and then open the alarm sub-type to

see all the alarms associated with the sub-type.

Bluetooth Alarms

Bluetooth alarms provide 24x7 monitoring of Bluetooth devices in your network. The system can

automatically detect security threats from unsanctioned Bluetooth devices and proactively notify

administrators about the presence of these threats. The Bluetooth alarm sub-type is Bluetooth Devices:

• Rogue Bluetooth Device

• Rogue Bluetooth Device Out of Hours

• Unsanctioned Bluetooth Device

Alarm Library

To view a list of Bluetooth Alarms for each alarm sub-type, go to Conﬁguration > Operational

Management > Alarm Conﬁguration, open Bluetooth, and then open the alarm sub-type to see all the

alarms associated with the sub-type.

Exploits Alarms

Exploits are events in which a user is actively interacting with the wireless network or wireless medium.

By exploiting wireless vulnerabilities a malicious user could cause wireless network disruptions or use

the wireless medium to gain access to corporate resources and conﬁdential data. The vulnerabilities

may exists due to network conﬁguration, corporate policy, or an inherent ﬂaw in the 802.11 protocol. A

Operational Management

Legacy Content

1156 Extreme AirDefense User Guide for version 10.5.