Configuring Wireless Intrusion Detection System Settings

To configure the Wireless > IDS settings, complete the following steps:

At Group level

1	Navigate to the Wireless > IDS page.

2	Select an appliance Group from the Model View list.

 

3	Select Enable Client Null Probing Detection to enable client null probe detection.

4	Select Enable Association Flood Detection.

Hackers can cause a Denial-of-Service (DoS) attack by flooding a wireless network with association requests. The Enable Association Flood Detection option combats this.

a	The default association flood threshold is 10 association attempts within five seconds. To change this setting, enter new flood threshold values.

b	To block the MAC address of a computer or device attempting this attack, select the Block station's MAC address in response to an association flood field.

At Unit level

1	Navigate to the Wireless > IDS page.

2	Select a Unit from the Model View list.

 

To access a network, hackers can set up a rogue access point that will intercept communications with legitimate users attempting to access a legitimate access point. This “man-in-the-middle” attack can expose passwords and other network resources.

3	To enable detection of Rogue Access Points, select Enable Rogue Access Point Detection.

4	Click the Authorized Access Points pull-down and select a access point from the list.

5	Click Update. To put the IDS settings back to default, click Reset.

NOTE: IDS logging and notification can be enabled under Log > Enhanced Log Settings by selecting the WLAN IDS check boxes under the Categories section.