MSM7xx Controllers Configuration Guide v6.4.0

10 Intrusion detection system (IDS)
The intrusion detection system offers administrators the ability to proactively detect potential threats
to the wireless network. When enabled, IDS will detect and classify all wireless APs and client
stations operating within range, providing a complete picture of all wireless activity in the area.
Supported products
IDS is available in controlled mode only. It is supported on the following products:
HP MSM720 (Requires the Premium Mobility Controller license.)
HP MSM760 (Requires the Premium Mobility Controller license.)
HP MSM765 zl (Requires the Premium Mobility Controller license.)
HP MSM775 zl (Requires the Premium Mobility Controller license.)
HP MSM410
HP 425
HP MSM430
HP MSM460
HP MSM466/466-R
All IDS features will work on controller teams.
AP classification
AP classification is done through the use of automatic classification policies and manual overrides
that can be used by the administrator to address specific topology/environmental considerations.
Manual categorization will override automatic classification.
When relying solely on automatic classification, APs will be classified as follows:
Authorized APs: APs that are discovered and managed by the controller (controlled mode
APs) are automatically classified as Authorized. You can also manually configure a list of
non-controlled APs that IDS should consider to be Authorized. Generally, these would be
third-party APs that you are aware of and are directly connected to the wired network.
Rogue APs: APs that are found to be connected to the wired network and not Authorized are
classified as Rogue.
External APs: These are APs that are not managed by the controller and are not connected to
the wired network. Essentially, these are APs that are not classified as either Authorized or
Rogue. Examples include in-range APs from neighboring companies, and autonomous APs.
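
The classification rules above, written out as a Python decision function that shows the order of precedence. This is an added example, not HP code or the controller's implementation; the record fields, the separate override table and the sample MAC addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

AUTHORIZED, ROGUE, EXTERNAL = "Authorized", "Rogue", "External"

@dataclass(frozen=True)
class ObservedAP:          # hypothetical record; not the controller's data model
    bssid: str             # radio MAC address seen over the air
    controlled: bool       # discovered and managed by the controller
    on_wired: bool         # found to be connected to the wired network

def norm(mac):
    """Canonical aa:bb:cc:dd:ee:ff form so list lookups are format-independent."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(ap, authorized_list, overrides):
    key = norm(ap.bssid)
    if key in overrides:                          # manual categorization wins
        return overrides[key]
    if ap.controlled or key in authorized_list:   # managed, or known third-party AP
        return AUTHORIZED
    if ap.on_wired:                               # on the wire and not Authorized
        return ROGUE
    return EXTERNAL                               # neither Authorized nor Rogue

def classify_all(aps, authorized_list=(), overrides=None):
    allowed = {norm(m) for m in authorized_list}
    manual = {norm(m): cat for m, cat in (overrides or {}).items()}
    bad = set(manual.values()) - {AUTHORIZED, ROGUE, EXTERNAL}
    if bad:
        raise ValueError(f"unknown category in overrides: {sorted(bad)}")
    return {norm(ap.bssid): classify(ap, allowed, manual) for ap in aps}

# Constructed survey data (locally administered MAC addresses, not real devices).
SURVEY = [
    ObservedAP("02:00:00:00:00:01", controlled=True,  on_wired=True),   # managed AP
    ObservedAP("02-00-00-00-00-02", controlled=False, on_wired=True),   # listed third-party AP
    ObservedAP("02:00:00:00:00:03", controlled=False, on_wired=True),   # unknown AP on the LAN
    ObservedAP("02:00:00:00:00:04", controlled=False, on_wired=False),  # neighbour's AP
    ObservedAP("0200.0000.0005",    controlled=False, on_wired=False),  # manually flagged
]

if __name__ == "__main__":
    result = classify_all(SURVEY, authorized_list=["02:00:00:00:00:02"],
                          overrides={"02:00:00:00:00:05": ROGUE})
    for bssid, category in result.items():
        print(f"{bssid}  {category}")
```

Without the authorized-list entry, the third-party AP on the wired network falls through to Rogue, which is why the list of known non-controlled APs needs to be kept current.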
The presence of non-sanctioned wireless APs (and ad-hoc networks) is potentially a very serious
security threat. IDS detects the following wireless network threats:
Rogue APs
Man-in-the-middle
DoS disassociation flood
DoS disassociation broadcast
DoS association flood
DoS deauthentication flood
DoS deauthentication broadcast
DoS authentication flood