Users Guide

Dell Networking W-AirWave 8.0 | User Guide Using RAPIDS and Rogue Classification | 198
Chapter 6
Using RAPIDS and Rogue Classification
This chapter provides an overview of rogue device and IDS event detection, alerting, and analysis using RAPIDS, and
contains the following sections:
- "Introduction to RAPIDS"
- "Viewing Rogues on the RAPIDS > List Page"
- "Setting Up RAPIDS"
- "Defining RAPIDS Rules"
- "Score Override"
- "Using the Audit Log"
- "Additional Resources"
Introduction to RAPIDS
Rogue device detection is a core component of wireless security. With the RAPIDS rules engine and containment options,
you can create a detailed definition of what constitutes a rogue device, and quickly act on a rogue AP for investigation,
restrictive action, or both. Once rogue devices are discovered, RAPIDS alerts your security team to the possible threat
and provides the essential information needed to locate and manage the threat.
RAPIDS discovers unauthorized devices in your WLAN network in the following ways:
- Over the Air, using your existing enterprise APs or the optional AirWave Management Client (AMC).
- On the Wire
  - Polling routers and switches to identify, classify, and locate unknown APs
  - Using the controller’s wired discovery information
  - Using HTTP and SNMP scanning
To set up a scan, refer to "Discovering and Adding Devices" on page 124.
Furthermore, RAPIDS integrates with external intrusion detection systems (IDS), as follows:
- Dell WIP—The Dell Networking W-Series Wireless Intrusion Protection (WIP) module integrates wireless intrusion
  protection into the mobile edge infrastructure. The WIP module provides wired and wireless AP detection,
  classification and containment; detects DoS and impersonation attacks; and prevents client and network intrusions.
- Cisco WLSE (1100 and 1200 IOS)—AirWave fetches rogue information from the HTTP interface and gets new AP
  information from the SOAP API. This system provides wireless discovery information rather than rogue detection
  information.
- AirMagnet Enterprise—Retrieves a list of managed APs from AirWave.
- AirDefense—Uses the AirWave XML API to keep its list of managed devices up to date.
- WildPackets OmniPeek—Retrieves a list of managed APs from AirWave.
Viewing Overall Network Health on RAPIDS > Overview
The RAPIDS > Overview page displays RAPIDS summary information (see Figure 117). Table 94 defines the
summary information that appears on the page.