Profiles page appears.
||From the Select
a command drop-down list, choose
Figure 5. wIPS Profiles > Profile
||Selecting a Profile Template
In the Profile
Parameters dialog box, choose a profile template from the Copy From drop-down
The wIPS comes
with a pre-defined set of profile templates from which you can choose or use as
a basis for their own custom profiles. Each profile is tailored to either a
specific business or application as are the specific alarms enabled on that
edit the default profile.
Figure 6. Profile Parameters Dialog
the NMSP session is active to push the profile to the controller.
a profile and entering a profile name, click
Edit. Fore more information, see the
wIPS Profiles section.
||Configure the SSIDs to
Configure SSIDs in the SSID Group List page. By default, the system monitors
attacks launched against the local Wireless LAN Infrastructure (as defined by
APs which have the same RF Group name). If the system should also be required
to monitor attacks against another network, such as when deployed in an overlay
deployment model, the SSID groups feature must be utilized.
To enable or
disable attacks to be detected and reported, select the check box next to the
specific attack type in question in the Select Policy pane.
||To edit the
profile, click the name of the attack type (such as DoS: Association flood).
configuration pane for that attack type appears in the right pane above the
policy rule description.
Figure 11. Policy Rules
||Editing the Policy
To modify a
policy rule, select the check box next to the policy rule in the Policy Rules
page, and click
Rule Configuration dialog box appears. Configure the following in the
Configuration dialog box:
Figure 12. Policy
Rule Configuration Dialog Box
- Choose the
severity of the alarm to be modified from the
Severity drop-down list. The possible options are
- Select the
Containment check box to enable the auto containment action.
following security penetration attacks can be configured for Rogue AP
containment in Release 7.5:
AP or Host AP Detected
Airsnarf Attack Detected
Honeypot AP Detected
Hotspotter Tool Detected
Karma Tool Detected
Device Broadcast XSS SSID
- Select the
Forensic check box if you want to capture packets for this
- Modify the
number of active associations, if desired. (This value varies by alarm type).
- Select the
type of WLAN infrastructure (SSID or Device Group) that the system monitors for
attacks from the
Group drop-down list.
select SSID, continue with Step 9.
select Device Group, continue with Step 10.
Device Group (Type) and Internal are the defaults. Internal
indicates all access points within the same RF Group. Selecting SSID as the
type, allows you to monitor a separate network, which is typical of an overlay
||Add Policy Rules
For overlay deployments only, to add a policy rule for an SSID, do the
To add a
policy rule, click
Figure 13. Adding a Policy
Rule Configuration dialog box, choose
from the SSID Group list.
already selected as the type.
after all changes are complete.
policy rule. Continue with Step 10 when all modifications are complete.
configure a system to monitor another WLAN infrastructure by SSID, changes must
be made for each and every policy rule to monitor. You must create a policy
rule under each separate alarm which defines the system to monitor attacks
against the SSID Group created earlier.
Figure 14. Edit Policy Rules for SSID
||In the Profile
Configuration dialog box, click
Save to save
the Profile (SSID or Device Group). Click
Figure 15. Profile Configuration
MSE/Controller combinations to apply the profile to and then click
Figure 16. Apply Profile Dialog