Specifications
OmniAccess Reference: AOS-W System Reference
324 Part 031652-00 May 2005
configure detection of weak WEP implementations, navigate to Configuration >
Wireless LAN Intrusion Detection > Policies > Weak WEP
, as shown in the figure
below.
FIGURE 15-15 Weak WEP Detection
Equivalent CLI configuration for the example above is:
wms
global-policy detect-bad-wep enable
Multi-Tenancy Policies and Honeypot Defense
AOS-W provides the ability to configure reserved channel and SSID lists, and
disable unrecognized APs using these reserved resources. This feature can be
used in a multi-tenant building where different enterprises must share the RF
environment. This feature can also be used to defend against “honeypot” APs.
A “honeypot” AP is an attacker’s AP that is set up in close proximity to an
enterprise, advertising the ESSID of the enterprise. The goal of such an attack
is to lure valid clients to associate to the honeypot AP. From that point, a MITM
attack can be mounted, or an attempt can be made to learn the client’s
authentication credentials. Most client devices have no way of distinguishing
between a valid AP and an invalid one – the devices only look for a particular
ESSID and will associate to the nearest AP advertising that ESSID. To
configure multi-tenancy policies, navigate to
Configuration > Wireless LAN
Intrusion Detection > Policies > Multi Tenancy
, as shown in the figure below.