User's Guide

Forensics
You can use the Forensics page to drill down into forensic data about wireless threats detected in the
network.
AirTight Management Console captures important details about the detected threats and presents them in
an easy-to-understand format on the Forensics page. You can review details such as device identities
and configurations, connection records, device locations, system responses, and administrator actions
about the detected wireless threats under Forensics.
Note: The Forensics feature is available in specific deployments only.
The Forensics page shows the AP based threats and client based threats that have occurred at the
selected location. These threats for the selected location are displayed as lists and as pie charts. The lists
and the pie charts are displayed side by side. The list of AP based threats and their pie chart
representation are seen at the top. The list of client based threats and their pie chart representation are
seen at the bottom.
The pie charts display summary information about the threats.
AP Based Threats: These are threats where the main participating/affected device is an AP.
AP based threats are further categorized as follows.
Rogue AP
Misconfigured AP
Honeypot AP
Banned AP
DoS
Client Based Threats: These are threats where the main participating/affected device is a client.
Client based threats are further categorized as follows.
Unauthorized Association
Misassociation
Bridging Client
Banned Client
Ad hoc Networks
Click Devices at the top on the right side to see a pie chart representation based on the AP types or
client types. 'Device' specifies the number of unique primary devices that were involved in a threat type.
Click Instances at the top on the right side to view a pie chart representation based on the event types.
'Instance' specifies the number of threats of the respective type in the given time frame.
You can filter the threats based on the time elapsed. To do this, select Last 4 Hours, Last 12 Hours, Last
24 Hours, or Last 48 Hours from the Select Duration drop-down list. To view the threats based on a
custom time period, select Custom from Select Duration and choose a From date and To date and click
Apply.
View AP based/Client based Threat Details
When you click a threat type in the list of AP/client based threats, you can see all events that fall under
this threat type, and the list of devices participating in the respective events. This helps you drill down into
the details of the threat type and determine the actions taken after the AP based/client based threat was
detected.