Chapter 15: Intrusion Detection Configuration
Wireless Bridge Detection
Wireless bridges are normally used to connect multiple buildings together. However, an attacker could place (or have an authorized person place) a wireless bridge inside the network that would extend the corporate network somewhere outside the building. Wireless bridges are somewhat different from rogue APs in that they do not use beacons and have no concept of association. Most networks do not use bridges – in these networks, the presence of a bridge is a signal that a security problem exists. To configure detection of wireless bridges, navigate to Configuration > Wireless LAN Intrusion Detection > Policies > Wireless Bridge, as shown in the figure below.
FIGURE 15-13 Wireless Bridge Detection
Configuration parameters are:
Enable Wireless Bridge Detection – Enable or disable the feature.
Wireless Bridge Detection Quiet Time – After an alarm has been triggered, the amount of time that must pass before another identical alarm may be triggered.
Equivalent CLI configuration for the example above is:
wms
ids-policy wbridge-check enable
ids-policy wbridge-quiet-time 900
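As an added illustration (not code from the Alcatel product or this guide), the following Python models how wireless-bridge alarms behave under the quiet-time setting above. It assumes, as its own detection heuristic, that 4-address data frames (ToDS and FromDS both set) mark bridge traffic; the MAC addresses and timestamps are constructed.

```python
from dataclasses import dataclass, field

QUIET_TIME = 900  # seconds, as in "ids-policy wbridge-quiet-time 900"

@dataclass
class Frame:
    """Constructed summary of one observed 802.11 data frame header."""
    ts: float      # capture time in seconds
    src: str       # transmitter MAC address
    to_ds: bool    # Frame Control "To DS" bit
    from_ds: bool  # Frame Control "From DS" bit

@dataclass
class BridgeDetector:
    enabled: bool = True
    quiet_time: int = QUIET_TIME
    known_bridges: frozenset = frozenset()          # authorized bridge MACs
    last_alarm: dict = field(default_factory=dict)  # MAC -> last alarm time
    alarms: list = field(default_factory=list)

    def observe(self, f: Frame) -> bool:
        """Return True if this frame raises a new wireless-bridge alarm."""
        if not self.enabled:
            return False
        # Heuristic assumed by this example: both ToDS and FromDS set means a
        # 4-address (WDS) frame, which bridges use to forward traffic without
        # beaconing or associating.
        if not (f.to_ds and f.from_ds) or f.src in self.known_bridges:
            return False
        last = self.last_alarm.get(f.src)
        # Quiet time: an identical alarm (same bridge MAC) is suppressed until
        # quiet_time seconds have passed since the previous one was raised.
        if last is not None and f.ts - last < self.quiet_time:
            return False
        self.last_alarm[f.src] = f.ts
        self.alarms.append((f.ts, f.src))
        return True

def run_sample() -> list:
    """Feed constructed frames through a detector; return per-frame alarm flags."""
    det = BridgeDetector(known_bridges=frozenset({"02:00:00:00:00:03"}))
    frames = [
        Frame(0.0, "02:00:00:00:00:01", True, False),   # ordinary station traffic
        Frame(1.0, "02:00:00:00:00:02", True, True),    # unknown bridge: alarm
        Frame(100.0, "02:00:00:00:00:02", True, True),  # within quiet time
        Frame(950.0, "02:00:00:00:00:02", True, True),  # quiet time elapsed: alarm
        Frame(960.0, "02:00:00:00:00:03", True, True),  # authorized bridge
        Frame(970.0, "02:00:00:00:00:04", True, True),  # second unknown: alarm
    ]
    return [det.observe(f) for f in frames]
```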
Misconfigured AP Protection
If desired, a list of parameters can be configured that defines the characteristics of a valid AP. This is primarily used when non-Alcatel APs are being used in the network, since the Wireless LAN switch cannot configure the 3rd-party APs. These parameters can include preamble type, WEP configuration, OUI of valid MAC addresses, valid channels, DCF/PCF configuration, and ESSID. The system can also be configured to detect an AP using a weak WEP key. If a valid AP is detected as misconfigured, the system will deny access to the misconfigured AP. In cases where someone gains configuration access to a 3rd-party AP and changes the configuration, this