Users Guide

Dell PowerConnect W-AirWave 7.6 | User Guide Using RAPIDS and Rogue Classification | 169
Chapter 6
Using RAPIDS and Rogue Classification
This chapter provides an overview of rogue device and IDS event detection, alerting, and analysis using RAPIDS,
and contains the following sections:
• "Introduction to RAPIDS" on page 169
• "Viewing Rogues on the RAPIDS > List Page" on page 179
• "Setting Up RAPIDS" on page 171
• "Defining RAPIDS Rules" on page 174
• "Score Override" on page 183
• "Using the Audit Log" on page 184
• "Additional Resources" on page 185
Introduction to RAPIDS
Rogue device detection is a core component of wireless security. With the RAPIDS rules engine and containment
options, you can create a detailed definition of what constitutes a rogue device, and quickly act on a rogue AP for
investigation, restrictive action, or both. Once rogue devices are discovered, RAPIDS alerts your security team to the
possible threat and provides essential information needed to locate and manage the threat.
RAPIDS discovers unauthorized devices in your WLAN network in the following ways:
• Over the Air, using your existing enterprise APs or the optional AMP Management Client (AMC).
• On the Wire
    ◦ Polling routers and switches to identify, classify, and locate unknown APs
    ◦ Using the controller’s wired discovery information
    ◦ Using HTTP and SNMP scanning
NOTE: To set up a scan, refer to "Discovering and Adding Devices" on page 101.
Furthermore, RAPIDS integrates with external intrusion detection systems (IDS), as follows:
• Dell WIP—Dell PowerConnect W Series’ Wireless Intrusion Protection (WIP) module integrates wireless
intrusion protection into the mobile edge infrastructure. The WIP module provides wired and wireless AP
detection, classification and containment; detects DoS and impersonation attacks; and prevents client and
network intrusions.
• Cisco WLSE (1100 and 1200 IOS)—AirWave fetches rogue information from the HTTP interface and gets new
AP information from the SOAP API. This system provides wireless discovery information rather than rogue detection
information.
• AirMagnet Enterprise—Retrieves a list of managed APs from AirWave.
• AirDefense—Uses the AirWave XML API to keep its list of managed devices up to date.
• WildPackets OmniPeek—Retrieves a list of managed APs from AirWave.