Cisco Cisco 5508 Wireless Controller 设计指南
1-48
Book Title
OL-xxxxx-xx
Chapter 1 Cisco Adaptive wIPS Management Deployment Guide, Release 8.0
Adaptive WIPS Management Best Practices
–
WEP IV key reused
–
Device Using open authentication
–
Crackable WEP IV key used
–
Device using shared key authentication
–
Fast WEP crack tool detected
–
ChopChop attack
–
Fragmentation Attack
If LEAP authentication is not implemented in your wireless production network:
–
ASLEAP tool detected
•
Alarms based on spectrum analysis but Cisco CleanAir solution is in place.
If there are Cisco CleanAir-capable APs in your wireless production network, CleanAir solution will
provide a granular and accurate spectrum report and analysis and is the recommended solution for
those purposes.
provide a granular and accurate spectrum report and analysis and is the recommended solution for
those purposes.
–
DoS: RF jamming
–
DoS: Queensland University of Technology Exploit
•
Alarms based on specific functionalities or time:
–
Suspicious after-hours traffic detected.
If you have 24-hour operating venue, there is no need to have this alarm enabled.
–
PSPF violation detected
If P2P blocking is not required for your wireless production network, there is no need to enable this
signature to detect peer-to-peer communication.
signature to detect peer-to-peer communication.
•
Alarms may be outdated:
The following alarms may be outdated because they are used to detect attacks that may cause
wireless devices to crash. These types of attacks are only effective on wireless clients with very old
drivers, which are very rarely seen in today’s enterprise wireless network. They also have no impact
on Cisco wireless devices based on our deployment experience. Thus, it is recommended to disable
them.
wireless devices to crash. These types of attacks are only effective on wireless clients with very old
drivers, which are very rarely seen in today’s enterprise wireless network. They also have no impact
on Cisco wireless devices based on our deployment experience. Thus, it is recommended to disable
them.
–
Malformed 802.11 packets detected
–
Illegal Beacon
–
Beacon Fuzzed Frame Detected
–
Probe Request Fuzzed Frame Detected
–
Probe Response Fuzzed Frame Detected
•
Alarms that may cause unnecessary false positives given your RF environment:
–
Unauthorized Association Detected
In general, if you allow associated wireless clients to connect to SSIDs other than your managed
ones, this alarm can be disabled. Especially for retail and public Wi-Fi deployment, if you provide
Wi-Fi guest services for users, this alarm will be triggered a lot when it is enabled because users can
connect to your neighboring Wi-Fi network.
ones, this alarm can be disabled. Especially for retail and public Wi-Fi deployment, if you provide
Wi-Fi guest services for users, this alarm will be triggered a lot when it is enabled because users can
connect to your neighboring Wi-Fi network.
–
Hotspotter tool detected