When we detect an SSID being broadcast, we compare it to other known MAC addresses on the LAN. RSSI of the rogue SSID will be displayed on a map or floorplan indicating which AP's are able to 'hear' the rogue SSID with the strongest signal, along with information pertaining to when the SSID was seen, on which channels, the broadcast MAC (BSSID), the manufacturer and the reason the SSID was identified as rogue. Administrators may specify the same allow list, contain, alert, uncontain rules for BSSIDs contributing to the hidden SSID's seen by selecting the Hidden row and selecting the Broadcast MAC to apply the rule to.Īdditional information about a specific rogue SSID can be found by selecting the row of the rogue SSID in question. These can usually be ignored during common network operation, and are unlikely to result in noticeable RF interference. Note: A “hidden SSID” on the Air Marshal page is an SSID name that is not included in the beacons and probe responses for a particular BSSID. Specify to allow list, Contain, Alert or Uncontain the selected SSID(s) Select the check-box to the left of the SSIDįigure E. Selecting BSSID will ad a 'Matches MAC Address' policy entry to the respective SSID block list, allow list or alert table.įigure D. Selecting SSID will add an 'Exactly Matches' policy entry to the respective SSID block list, allow list or alert table on the Configure tab.
Specify if the policy should be applied by SSID or BSSID.
Select edit and specify if you'd like to allow list, contain, alert, or uncontain, as shown in Figure F. Select the check-box to the left of the SSID(s), as shown in Figure E. Locate the SSID that you wish to apply a policy to under the Rogue SSIDs or Other SSIDs tab. Navigate to Wireless > Monitor > Air Marshal . Follow the steps below to manually apply a security policy to an SSID. When a rogue SSID or other SSID has been identified by an AP, it can have a security policy manually applied to it. The remainder of this document describes in greater depth wireless threats and the necessary security measures required to remediate against these threats the conclusion then summarizes the setup and configuration process for Meraki’s Air Marshal WIPS platform in order to achieve the highest security protection possible. Once a threat has been detected, the WIPS platform should kick into gear to enact powerful policies, including intelligent auto-disablement of APs matching a pre-defined criteria and generating different tiers of e-mail alarms based on the type of threat in your airspace.Ĭisco Meraki’s Air Marshal mode allows network administrators to meet these requirements and design an airtight network architecture that provides an industry-leading WIPS platform in order to completely protect the airspace from wireless attacks. Additionally, a WIPS system should be configurable with intuitive auto-containment policies to facilitate preemptive action against rogue devices. To successfully protect an enterprise network, a Wireless Intrusion Prevention System (WIPS) should provide powerful wireless intrusion scanning capabilities, enabling detection and classification of different types of wireless threats, including rogue access points and wireless hackers. Wired network compromise: achieved by an unsuspecting employee or student plugging in a consumer-grade access point into the wired infrastructure and exposing the LAN to hackers. Network impersonation: achievable by purchasing any consumer-grade access point and copying an SSID, “tricking” clients into thinking that this SSID is available and snooping on their information transactions. Unfortunately, the tremendous growth in wireless has been accompanied with an increasingly widespread ability to obtain open-source hacking tools that can compromise a wireless network through impersonation of client devices and access points.Įxamples of Common Threats in a Modern WiFi Environment Data transmitted over wireless increasingly contains sensitive personal and financial data. Due to the widespread use of WiFi and variety of use cases (e.g., point-of-sale (POS) communications, corporate access, warehouse inventory, asset tracking, WiFi services for targeted advertising), the wealth of information transmitted across the wireless medium has skyrocketed. WiFi Internet access is critical for corporate communication in verticals including financial services, retail, and distributed enterprise. Secure WiFi access has become a critical component of enterprise networking. Wireless Security Threats in an Enterprise Environment Configuring Meraki’s Air Marshal WIDS/WIPS platform.
0 kommentar(er)
