Specifications
Intrusion Detection Configuration
Chapter 15
FIGURE 15-8 Sequence Number Analysis
Configuration parameters are:
Enable Sequence Number Discrepancy Checking – Enables and disables the feature.
Sequence Number Difference Threshold – The maximum allowable tolerance between sequence numbers within a specific time interval.
Sequence Number Checking Time Tolerance – The time interval in which sequence numbers must exceed the sequence number difference threshold in order for an alarm to be triggered.
Sequence Number Checking Quiet Time – After an alarm has been triggered, the amount of time that must pass before another identical alarm may be triggered.
The equivalent CLI configuration for the above example is:
wms
   ids-policy sequence-check enable
   ids-policy sequence-diff 100
   ids-policy sequence-time-tolerance 500
   ids-policy sequence-quiet-time 900
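The following is an added example, not code from the product or this guide: a sketch of the check the four parameters describe, run over constructed frame records. It assumes the time tolerance is in milliseconds and the quiet time in seconds (the page does not state units), and that the comparison is made between consecutive frames from the same source address.

```python
from dataclasses import dataclass

SEQ_MODULUS = 4096  # 802.11 sequence numbers are 12 bits and wrap to 0

@dataclass
class SeqCheckPolicy:
    diff_threshold: int = 100     # ids-policy sequence-diff
    time_tolerance_ms: int = 500  # sequence-time-tolerance (unit assumed: ms)
    quiet_time_s: int = 900       # sequence-quiet-time (unit assumed: s)

def seq_distance(a, b):
    """Shortest distance between two sequence numbers, across the wrap."""
    d = (b - a) % SEQ_MODULUS
    return min(d, SEQ_MODULUS - d)

def detect(frames, policy):
    """frames: (timestamp_ms, source_mac, seq) tuples in arrival order.
    Returns alarms as (timestamp_ms, source_mac, prev_seq, seq)."""
    last_seen, last_alarm, alarms = {}, {}, []
    for ts, mac, seq in frames:
        prev = last_seen.get(mac)
        last_seen[mac] = (ts, seq)
        if prev is None or ts - prev[0] > policy.time_tolerance_ms:
            continue  # nothing to compare within the tolerance window
        if seq_distance(prev[1], seq) <= policy.diff_threshold:
            continue  # normal progression, including 4095 -> 0 wrap
        if mac in last_alarm and ts - last_alarm[mac] < policy.quiet_time_s * 1000:
            continue  # identical alarm suppressed during quiet time
        last_alarm[mac] = ts
        alarms.append((ts, mac, prev[1], seq))
    return alarms

AP = "02:00:00:00:00:01"  # constructed address, not from the page
FRAMES = [  # constructed sample: a valid AP interleaved with a second transmitter
    (0, AP, 4090), (100, AP, 4094),
    (200, AP, 2),          # wrap: distance 4, no alarm
    (250, AP, 1500),       # second transmitter, distance 1498 -> alarm
    (300, AP, 5), (350, AP, 1501),  # still discrepant, but inside quiet time
    (5000, AP, 60),        # previous frame is older than the tolerance
    (901_000, AP, 3000), (901_100, AP, 10),  # quiet time elapsed -> alarm
]

if __name__ == "__main__":
    for alarm in detect(FRAMES, SeqCheckPolicy()):
        print("sequence number discrepancy:", alarm)
```

Setting the quiet time to 0 in the policy shows how many identical alarms the quiet time suppresses for the same sample.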
AP Impersonation Protection
AP impersonation attacks can serve several purposes: as a Man-in-the-Middle attack, as a rogue AP attempting to bypass detection, or as a possible honeypot attack. In such an attack, the attacker sets up an AP that assumes the BSSID and ESSID of a valid AP. To configure AP Impersonation Detection and Protection, navigate to Configuration > Wireless LAN Intrusion Detection > Man-in-the-Middle > AP Impersonation, as shown in the figure below.