SonicPoint_wlanSonicPointIdsView
SonicPoint > IDS
You can have many wireless access points within reach of the signal of the SonicPoints on your network. The SonicPoint > IDS page reports on all access points the SonicWALL security appliance can find by scanning the 802.11a and 802.11g radio bands.
Wireless Intrusion Detection Services
Intrusion Detection Services (IDS) greatly increase the security capabilities of the SonicWALL security appliance with SonicOS Enhanced by enabling it to recognize and even take countermeasures against the most common types of illicit wireless activity. IDS logging and notification can be enabled under Log > Categories by selecting the IDS checkbox under Log Categories and Alerts .
Intrusion Detection Settings
Rogue Access Points have emerged as one of the most serious and insidious threats to wireless security. In general terms, an access point is considered rogue when it has not been authorized for use on a network. The convenience, affordability and availability of non-secure access points, and the ease with which they can be added to a network creates a easy environment for introducing rogue access points. Specifically, the real threat emerges in a number of different ways, including unintentional and unwitting connections to the rogue device, transmission of sensitive data over non-secure channels, and unwanted access to LAN resources. So while this doesn't represent a deficiency in the security of a specific wireless device, it is a weakness to the overall security of wireless networks.
The security appliance can alleviate this weakness by recognizing rogue access points potentially attempting to gain access to your network. It accomplishes this in two ways: active scanning for access points on all 802.11a, 802.11g, and 802.11n (SonicPointN only) channels, and passive scanning (while in Access Point mode) for beaconing access points on a single channel of operation.
Check Enable Rogue Access Point Detection to enable the security appliance to search for rogue access points.
The Authorized Access Points list determines which access points the security appliance will considered authorized when it performs a scan. You can select All Authorized Access Points to allow all SonicPoints, or you can select an address object group containing a group of MAC address to limit the list to only those SonicPoints whose MAC addresses are contained in the address object group.
Select Create Address Object Group to add a new group of MAC address objects to the list.
Note See “Network > Address Objects” for instructions on creating address objects and address object groups. Scanning for Access Points
Active scanning occurs when the security appliance starts up, and at any time Scan All is clicked on the SonicPoint > IDS page. When the security appliance performs a scan, a temporary interruption of wireless clients occurs for no more than a few seconds. This interruption manifests itself as follows:
Caution If service disruption is a concern, it is recommended that the Scan Now feature not be used while the SonicWALL security appliance is in Access Point mode until such a time that no clients are active, or the potential for disruption becomes acceptable. You can also scan on a SonicPoint by SonicPoint basis by choosing from the following options in the Perform SonicWALL Scan menu on the header for the individual SonicPoint:
Discovered Access Points
The Discovered Access points displays information on every access point that can be detected by the SonicPoint radio:
• SonicPoint : The SonicPoint that detected the access point.
• MAC Address (BSSID) : The MAC address of the radio interface of the detected access point.
• SSID : The radio SSID of the access point.
• Type : The range of radio bands used by the access point, 2.4 GHz or 5 GHz.
• Channel : The radio channel used by the access point.
• Manufacturer : The manufacturer of the access point. SonicPoints will show a manufacturer of either SonicWALL or Senao .
• Signal Strength : The strength of the detected radio signal
• Max Rate : The fastest allowable data rate for the access point radio, typically 54 Mbps.
• Authorize : Click the Authorize icon to add the access point to the address object group of authorized access points. View Style
If you have more than one SonicPoint, you can select an individual device from the SonicPoint list to limit the Discovered Access Points table to display only scan results from that SonicPoint. Select All SonicPoints to display scan results from all SonicPoints.
Authorizing Access Points on Your Network
Access Points detected by the security appliance are regarded as rogues until they are identified to the security appliance as authorized for operation. To authorize an access point, it can be manually added to the Authorized Access Points list by clicking edit icon in the Authorize column and specifying its MAC address (BSSID) along with an optional comment. Alternatively, if an access point is discovered by the security appliance scanning feature, it can be added to the list by clicking the Authorize icon.