Meraki MR34 Cloud Managed AP MR34-HW Prospecto
Los códigos de productos
MR34-HW
Threat Remediation using Meraki’s
Air Marshal WIPS platform
A careful study of the common wireless security threats has led to the development of Meraki’s
Air Marshal platform, which allows access points to be turned into dedicated WIPS sensors called
Air Marshal platform, which allows access points to be turned into dedicated WIPS sensors called
‘Air Marshal’ APs. Air Marshal is a WIPS platform which comes equipped with security alerting and
threat remediation mechanisms. This includes the following:
a. Monitoring and alerting: a robust and intuitive display of all of the threats for a particular
network, including auto-alerting based on the network administrator’s preferences. Monitoring
network, including auto-alerting based on the network administrator’s preferences. Monitoring
techniques include:
i. Rogue AP monitoring: Meraki APs scan across all 2.4 GHz and 5 GHz channels to build
a list of rogue access points in the nearby vicinity. In addition, further mechanisms are in
place to track APs on the wired LAN network by inspecting traffic on the wired port of the
place to track APs on the wired LAN network by inspecting traffic on the wired port of the
Meraki AP, and using this to build a list of rogue APs that may be on the wired LAN. E-mail
alerts will be triggered and sent based on parameters predefined by the network admin.
ii. Tracking ‘client straying’ of VIP clients: Air Marshal allows tagging of VIP clients and
an alert is sent if those clients connect to a unsanctioned SSID. Air Marshal does this
by monitoring traffic with the source MAC address of the VIP clients. Wireless devices
communicate with three types of 802.11 frames: management frames are used during the
probing and association process. Control and data frames are used when the client is
actually connected. If Air Marshal sees data frames originating from VIP clients which are
not connected to the corporate wireless network, an alert can be sent to administrators for
remediation.
probing and association process. Control and data frames are used when the client is
actually connected. If Air Marshal sees data frames originating from VIP clients which are
not connected to the corporate wireless network, an alert can be sent to administrators for
remediation.
b. Remediation mechanisms: Air Marshal APs come equipped with the ability to automatically
‘contain’ rogue APs and alert on rogue APs and accidental associations, allowing for
administrators to take physical action to remove rogue APs and recover straying devices.
Figure 4: Tracking accidental associations
Cisco Systems, Inc. | 500 Terry A. Francois Blvd, San Francisco, CA 94158 | (415) 432-1000 | sales@meraki.com
7
Client accidentally
associates to Rogue AP
Air Marshal AP detects
data frames exchanged
Email alert sent to
network administrator