Profiles page appears.
From the Select a command drop-down list, choose
Selecting a Profile Template
In the Profile Parameters dialog box, choose a profile template from the Copy From drop-down
wIPS comes with a predefined set of profile templates that you can select as they are or use as a basis for custom profiles. Each profile is tailored to a specific business or application, as are the alarms enabled on that profile.
edit the default profile.
Figure 5. Profile Parameters Dialog
the NMSP session is active to push the profile to the controller.
a profile and entering a profile name, click
Edit. For more information, see the
wIPS Profiles section.
Configure the SSIDs to
Configure SSIDs in the SSID Group List page. By default, a system monitors attacks launched against the local Wireless LAN infrastructure (as defined by APs that have the same RF Group name). If the system must also monitor attacks against another network, such as when it is deployed in an overlay deployment model, you must use the SSID groups feature.
If this step
is not required, simply click
Figure 6. SSID Groups Summary
MyWLAN check box and choose
Group from the drop-down list, then click
SSIDs to Monitor. This step is required if the system is to be used to monitor
attacks against a different WLAN infrastructure, which is typical of an overlay
SSID name (separate multiple entries by a single space) and click
Groups page appears confirming that the SSIDs are added successfully. For more
information, see the
Configuring wIPS SSID Group List section.
Figure 7. New Profile > SSID
Policy and Policy Rules summary panes appear.
Figure 8. Next > Select Policy
To enable or disable detection and reporting of an attack, select the check box next to the specific attack type in the Select Policy pane.
To edit the profile, click the name of the attack type (such as DoS: Association flood).
configuration pane for that attack type appears in the right pane above the
policy rule description.
Figure 9. Policy Rules
Editing the Policy
To modify a policy rule, select the check box next to the policy rule in the Policy Rules page and click
Rule Configuration dialog box appears. Configure the following in the
Configuration dialog box:
Figure 10. Policy Rule Configuration Dialog Box
- Choose the severity of the alarm to be modified from the Severity drop-down list. The possible options are
- Select the Containment check box to enable the auto containment action.
following security penetration attacks can be configured for Rogue AP
containment in Release 7.5:
- Select the Forensic check box if you want to capture packets for this
- Modify the number of active associations, if desired. (This value varies by alarm type.)
- Select the type of WLAN infrastructure (SSID or Device Group) that the system monitors for attacks from the
Group drop-down list.
select SSID, continue with Step 9.
select Device Group, continue with Step 10.
default types are Device Group and Internal. Internal indicates all access
points within the same RF Group. Selecting SSID as the type allows you to
monitor a separate network, which is typical of an overlay deployment.
Add Policy Rules
For overlay deployments only, to add a policy rule for an SSID, do the
To add a policy rule, click
Figure 11. Adding a Policy
Rule Configuration dialog box, choose
from the SSID Group list.
already selected as the type.
after all changes are complete.
policy rule. Continue with Step 10 when all modifications are complete.
configure a system to monitor another WLAN infrastructure by SSID, changes must
be made for each and every policy rule to monitor. You must create a policy
rule under each separate alarm that defines the system to monitor attacks
against the SSID Group created earlier.
Figure 12. Edit Policy Rules for SSID
In the Profile Configuration dialog box, click Save to save the Profile (SSID or Device Group) and then click
Figure 13. Profile Configuration
MSE/Controller combinations to apply the profile to and then click
Figure 14. Apply Profile Dialog