Aruba AirOS Part 0500036-02 v2.3 User Guide January 2005
• Misconfigured AP detection: If desired, a list of parameters can be configured that defines the characteristics of a valid AP. This is primarily used when non-Aruba APs are being used in the network, since the WLAN switch cannot configure the 3rd-party APs. These parameters can include preamble type, WEP configuration, OUI of valid MAC addresses, valid channels, DCF/PCF configuration, and ESSID. The system can also be configured to detect an AP using a weak WEP key. If a valid AP is detected as misconfigured, the system will deny access to the misconfigured AP. In cases where someone gains configuration access to a 3rd-party AP and changes the configuration, this policy is useful in blocking access to that AP until the configuration can be fixed.
• Weak WEP detection: The primary means of cracking WEP keys is by capturing 802.11 frames over an extended period of time and searching for patterns of WEP initialization vectors (IVs) that are known to be weak. The Aruba system will monitor for devices using weak WEP implementations and generate reports for the administrator of which devices require upgrades.
• Multi Tenancy: The Aruba system provides the ability to configure reserved channel and SSID lists, and disable unrecognized APs using these reserved resources. This feature can be used in a multi-tenant building where different enterprises must share the RF environment. This feature can also be used to defend against “honeypot” APs. A “honeypot” AP is an attacker’s AP that is set up in close proximity to an enterprise, advertising the ESSID of the enterprise. The goal of such an attack is to lure valid clients to associate to the honeypot AP. From that point, a MITM attack can be mounted, or an attempt can be made to learn the client’s authentication credentials. Most client devices have no way of distinguishing between a valid AP and an invalid one – the devices only look for a particular ESSID and will associate to the nearest AP advertising that ESSID.
• MAC OUI: The Aruba system provides the ability to match MAC addresses seen in the air with known manufacturers. The first three bytes of a MAC address are known as the MAC OUI (Organizationally Unique Identifier) and are assigned by the IEEE. Often, clients using a spoofed MAC address will not use a valid OUI, and instead use a randomly generated MAC address. By enabling MAC OUI checking, administrators will be notified if an unrecognized MAC address is in use.
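The valid-AP parameter check and the MAC OUI check described above can be sketched as follows. This is an added example, not AirOS code or part of the original guide; the class names, field names and every policy value are assumptions made for illustration, and the observations are constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ValidApPolicy:          # hypothetical model of a "valid AP" definition
    essids: frozenset
    channels: frozenset
    ouis: frozenset           # allowed OUIs, lower case, "aa:bb:cc"
    short_preamble: bool
    require_wep: bool

@dataclass(frozen=True)
class ObservedAp:             # hypothetical record of what a monitor saw
    bssid: str
    essid: str
    channel: int
    short_preamble: bool
    wep: bool

def oui_of(mac):
    """Return the normalised OUI (first three bytes) of a MAC address."""
    norm = mac.strip().lower().replace("-", ":")
    if not re.fullmatch(r"([0-9a-f]{2}:){5}[0-9a-f]{2}", norm):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return norm[:8]

def violations(ap, policy):
    """List every parameter on which an observed AP deviates from the policy."""
    found = []
    if oui_of(ap.bssid) not in policy.ouis:
        found.append("oui")
    if ap.essid not in policy.essids:
        found.append("essid")
    if ap.channel not in policy.channels:
        found.append("channel")
    if ap.short_preamble != policy.short_preamble:
        found.append("preamble")
    if policy.require_wep and not ap.wep:
        found.append("wep")
    return found

# Constructed sample policy and observations (not AirOS defaults).
POLICY = ValidApPolicy(frozenset({"corp"}), frozenset({1, 6, 11}),
                       frozenset({"00:0b:86"}), True, True)
SAMPLES = [
    ObservedAp("00:0B:86:12:34:56", "corp", 6, True, True),    # conforms
    ObservedAp("00:0b:86:12:34:57", "corp", 3, True, False),   # reconfigured
    ObservedAp("5e:a1:9c:00:00:01", "corp", 6, False, True),   # unknown OUI
]
REPORT = {ap.bssid: violations(ap, POLICY) for ap in SAMPLES}
```

An empty list in `REPORT` means the AP matches the policy; any other entry names the parameters an administrator would need to correct before access is restored.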
Configuring Rogue AP Detection
Follow the steps below to configure the Aruba network to detect insecure APs and classify them as rogue and interfering, respectively, as defined in the section above.
1. Navigate to the Configuration > WLAN Intrusion Detection > Rogue AP page on the WebUI of the Master switch.