Specifications
Application Note: This IPS Data Collection SFR (IPS_SDC) is distinct from the wIPS Analysis SFR
(IPS_ANL) in that this SFR lists the wireless network events for which the MSE
performs data correlation, analysis, and generation of audit records of detected events
based on that analysis. Identity of the data source is used for detection of rogue APs and
rogue clients, and to allow correlation to an active list of malicious source addresses.
Signal strength measurements are included in analysis data to support location tracking
by the MSE through correlation of data from multiple APs.
6.1.46 IPS_ANL_(EXT).1 Extended: wIPS Analysis
IPS_ANL_(EXT).1.1 The TSF shall perform the following analysis function(s) on all wireless data received:
a) signature check;
b) integrity check; and
c) measurement of signal strength.
IPS_ANL_(EXT).1.2 The TSF shall record within each analytical result at least the following information:
a) date and time of the event;
b) identity of the source and destination of the traffic;
c) AP identity; and
d) Basic wIPS events detected:
   a. DoS Attack Detection including:
      i. Association flood
      ii. Authentication flood
      iii. Unauthenticated Association
      iv. Deauthentication broadcast attack
      v. Deauthentication flood attack
      vi. Disassociation broadcast attack
      vii. Disassociation flood attack
   b. Security Penetration Attack Detection including:
      i. NetStumbler detected
      ii. Wellenreiter detected
   c. Events related to detection of ad-hoc 802.11 devices
   d. Events related to detection of rogue clients
   e. Spoofed 802.11 Management Frames
Application Note: This wIPS Analysis SFR (IPS_ANL) is distinct from the IPS Data Collection SFR
(IPS_SDC) in that this SFR lists the wireless network events for which the AP performs
analysis, and generation of audit records of detected events based on that analysis.
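Added example (not part of this Security Target and not the TOE's implementation): a minimal sketch of how an analyzer could turn observed deauthentication and disassociation frames into analytical results carrying the fields required by IPS_ANL_(EXT).1.2 a) through d). The frame tuple layout, the flood threshold and window, and the sample frames are assumptions made for illustration; the document sets no numeric values.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Assumed values: the Security Target does not define a flood threshold.
FLOOD_COUNT, FLOOD_WINDOW_S = 5, 1.0
EVENT_NAMES = {"deauth": "Deauthentication", "disassoc": "Disassociation"}

@dataclass(frozen=True)
class AnalyticalResult:
    timestamp: float   # a) date and time of the event
    source: str        # b) source of the traffic (claimed transmitter address)
    destination: str   # b) destination of the traffic
    ap_id: str         # c) AP identity
    event: str         # d) basic wIPS event detected

def analyze(frames):
    """frames: iterable of (ts, subtype, src, dst, ap_id), ordered by ts."""
    recent = defaultdict(deque)  # (ap, subtype, src) -> timestamps in window
    in_flood = set()             # keys already reported as flooding
    results = []
    for ts, subtype, src, dst, ap_id in frames:
        if subtype not in EVENT_NAMES:
            continue             # other frame types are out of scope here
        name = EVENT_NAMES[subtype]
        if dst == BROADCAST:     # assumption: every broadcast frame is reported
            results.append(AnalyticalResult(ts, src, dst, ap_id, f"{name} broadcast attack"))
            continue
        key = (ap_id, subtype, src)
        window = recent[key]
        window.append(ts)
        while ts - window[0] > FLOOD_WINDOW_S:
            window.popleft()     # drop frames older than the sliding window
        if len(window) >= FLOOD_COUNT:
            if key not in in_flood:  # one record per flood, not per frame
                in_flood.add(key)
                results.append(AnalyticalResult(ts, src, dst, ap_id, f"{name} flood attack"))
        else:
            in_flood.discard(key)
    return results

# Constructed sample input (not captured traffic).
SAMPLE = (
    [(100.0 + 0.1 * i, "deauth", "02:00:00:00:00:01", "02:00:00:00:00:aa", "AP-1") for i in range(6)]
    + [(101.0, "disassoc", "02:00:00:00:00:02", BROADCAST, "AP-2"),
       (105.0, "deauth", "02:00:00:00:00:03", "02:00:00:00:00:bb", "AP-1")]
)

if __name__ == "__main__":
    for result in analyze(SAMPLE):
        print(result)
```

Because the source address of a management frame can be spoofed (item e. in the list above), the source field records what the frame claimed, and the AP identity is what ties the record to a physical observation point.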
6.1.47 IPS_RCT_(EXT).1 Extended: wIPS Reaction
IPS_RCT_(EXT).1.1 The TSF shall be able to take one or more appropriate actions listed below when an IPS
policy violation is detected:
a) Drop traffic that matches signatures listed in IPS_ANL_(EXT).1.1; and/or