Users Guide

Dell PowerConnect W-AirWave 7.4 | User Guide Using RAPIDS and Rogue Classification | 167
Chapter 7
Using RAPIDS and Rogue Classification
This chapter provides an overview of rogue device and IDS event detection, alerting, and analysis using RAPIDS,
and contains the following sections:
“Introduction to RAPIDS” on page 167
“Viewing Rogues on the RAPIDS > List Page” on page 176
“Setting Up RAPIDS” on page 169
“Defining RAPIDS Rules” on page 172
“Score Override” on page 180
“Using the Audit Log” on page 181
“Additional Resources” on page 182
Introduction to RAPIDS
Rogue device detection is a core component of wireless security. With the RAPIDS rules engine and containment
options, you can create a detailed definition of what constitutes a rogue device, and quickly act on a rogue AP for
investigation, restrictive action, or both. Once rogue devices are discovered, RAPIDS alerts your security team to
the possible threat and provides the essential information needed to locate and manage the threat.
RAPIDS discovers unauthorized devices in your WLAN network in the following ways:
Over the Air
  Using your existing enterprise APs
  Optional AirWave Management Client (AMC)
On the Wire
  Polling routers and switches to identify, classify, and locate unknown APs
  Using HTTP and SNMP scanning
  Using the controller’s wired discovery information
Furthermore, RAPIDS integrates with external intrusion detection systems (IDS), as follows:
Dell WIP—Dell PowerConnect W’s Wireless Intrusion Protection (WIP) module integrates wireless
intrusion protection into the mobile edge infrastructure. The WIP module provides wired and wireless AP
detection, classification and containment; detects DoS and impersonation attacks; and prevents client and
network intrusions.
Cisco WLSE (1100 and 1200 IOS)—AMP fetches rogue information from the HTTP interface and gets new
AP information from the SOAP API. This system provides wireless discovery information rather than rogue
detection information.
AirMagnet Enterprise—Retrieves a list of managed APs from AMP.
AirDefense—Uses the AirWave XML API to keep its list of managed devices up to date.
WildPackets OmniPeek—Retrieves a list of managed APs from AMP.
NOTE: To set up a scan, refer to “Discovering and Adding Devices” on page 107.