User's Guide
Table Of Contents
- About This Guide
- Introduction
- AirTight Management Console Configuration
- Configure Language Setting
- Configure Time Zone and Tag for Location
- User Management
- User Authentication
- Wireless Intrusion Prevention System
- Manage WiFi Access
- Configure Device - Server Communication Settings
- Manage Policy Templates
- Manage Authorized WLAN Policy
- View High Availability Status for Server
- View/Upgrade License Details
- Manage Look and Feel of Reports
- Configure NTP
- Configure RF Propagation Settings
- Configure Live RF View Setting
- Configure Location Tracking
- Manage Auto Location Tagging
- Set up and Manage Server Cluster
- Manage Vendor OUIs
- Manage Device Template
- Configure SMTP Settings
- View System Status
- Upgrade Server
- Configure Auto Deletion Settings
- Manage Audit Log Settings
- Configure Integration with Enterprise Security Management Servers
- Manage WLAN Integration
- Manage AirTight Mobile Clients
- AirTight Mobile Settings
- Manage AirTight Mobile Clients
- Add AirTight Mobile Group Manually
- Edit AirTight Mobile Group
- Attach Policy to AirTight Mobile Group
- Overwrite Existing Policy for AirTight Mobile Group
- Detach Policy from AirTight Mobile Group
- View AirTight Mobile Group Policy in HTML Format
- View AirTight Mobile Group Policy in XML Format
- Activate Automatic Client Grouping
- Apply Default Policy to New Groups
- Print List of AirTight Mobile Groups for Location
- Delete AirTight Mobile Group
- Dashboard
- Devices
- AirTight Devices
- Device Properties
- View Visible LANs
- View Visible APs
- View Visible Clients
- View Active APs
- View Active Clients
- View AirTight Device Events
- View Channel Occupancy
- View Interference
- View Mesh Network Links
- Search AirTight Devices
- Sort AirTight Devices
- Change Location
- Print AirTight Device Information for Location
- Reboot Device
- Troubleshoot Device
- Upgrade or Repair Device
- Enable Pagination for AirTight Device Listing and Set Page Size
- Disable Pagination for AirTight Device Listing
- Add Custom Filter
- Edit Custom Filter
- Delete Custom Filter
- Delete Device
- Monitor Clients
- View Client Properties
- View Recently Associated APs/Ad hoc networks
- View Events related to Client
- View Client Retransmission Rate Trend
- View Devices Seeing Client
- View Client Average Data Rate
- View Client Traffic
- Change Client Location
- Quarantine Client
- Disable Auto Quarantine/Exclude Device from Intrusion Prevention Policy
- Add to banned list
- Classify / Declassify as Smart Device
- Change Client Category
- Reset Data Transmitted by Client
- Locate Client
- View Recently Probed SSIDs
- Troubleshoot Client
- Debug Client Connection Problems
- Download Connection Log
- Delete Connection Log History
- Enable Pagination for Client Listing and Set Page Size
- Disable Pagination for Client Listing
- Add Custom Filter
- Edit Custom Filter
- Delete Custom Filter
- Print Client List for Location
- Delete Client
- Spectrogram
- Monitor Access Points (APs)
- View AP Properties
- View Recently Associated Clients
- View AP Utilization
- View AP Associated Clients
- View AP Traffic
- View AP Average Data Rate
- View Devices Seeing AP
- View AP Events
- Change AP Location
- Locate AP
- Quarantine an AP
- Change AP Category
- Disable Auto Quarantine
- Add to banned list
- Sort APs
- Filter AP Details
- Search APs
- Enable Pagination for AP Listing and Set Page Size
- Disable Pagination for AP Listing
- Add Custom Filter
- Edit Custom Filter
- Delete Custom Filter
- Print AP List for Location
- Merge APs
- Split AP
- Troubleshoot AP
- Delete AP
- Monitor Networks
- AirTight Devices
- Manage Locations and Location Layout
- Define Location Tree
- Add Location
- Edit Location
- Move Location
- Delete Location
- Search Locations
- Add Layout
- Edit Layout
- Delete Layout
- Show / Hide Location List
- Show/Hide Devices on Location Layout
- Place Devices/Locations on Location Layout
- Remove Devices/Locations from Location Layout
- View RF Coverage / Heat Maps
- Calibrate RF Views
- Zoom in / Zoom out Layout
- Adjust the Layout Opacity
- Add Note
- Edit Note
- Move Note
- Hide Notes
- Show Notes
- View Mesh Topology
- Hide Mesh Topology
- View and Manage Events
- View Events for Location
- View Deleted Events for Location
- Change Event Location
- Acknowledge Event
- Turn on Vulnerability Status for Event
- Turn off Vulnerability Status for Event
- Mark Event as Read
- Mark Event for Deletion
- Enable Pagination for Event Listing and Set Page Size
- Disable Pagination for Event Listing
- Add Custom Filter
- Edit Custom Filter
- Delete Custom Filter
- Print Event List for Location
- Forensics
- Reports
- Glossary of Icons
AirTight Management Console Configuration
31
Prevention Level enables you to specify a trade-off between the desired level of prevention and the
desired number of multiple simultaneous preventions across radio channels.
The greater the number of channels across which simultaneous prevention is desired, the lesser is the
effectiveness of prevention in inhibiting unwanted communication. Scanning for new devices continues
regardless of the chosen prevention level.
You can select from the following intrusion prevention levels:
•
Block: A single sensor can block unwanted communication on any one channel in the 802.11b/g band
and any one channel in the 802.11a band.
•
Disrupt: A single sensor can disrupt unwanted communication on any two channels in the 802.11b/g
band and any two channels in the 802.11a band.
•
Interrupt: A single sensor can interrupt unwanted communication on any three channels in the
802.11b/g band and any three channels in the 802.11a band.
•
Degrade: A single sensor can degrade the performance of unwanted communication on any four
channels in 802.11b/g band and any four channels in the 802.11a band.
Block is the most powerful prevention level, that is, it can severely block almost all popular Internet
applications including ping, SSH, Telnet, FTP, HTTP, and the like. However, at this level, a single sensor
can simultaneously prevent unwanted communication on only one channel in the 802.11b/g band and
one channel in the 802.11a band. If you want the sensor to prevent unwanted communication on multiple
channels simultaneously in the 802.11 b/g and/or the 802.11a band, you must select other prevention
levels.
Note: Prevention Type determines the blocking strength to prevent communication from unwanted APs
and Clients. The system can prevent multiple APs and Clients on each channel. Prevention Type is not
applicable for Denial of Service (DoS) attacks or ad hoc networks. You must select a lower blocking level
to prevent devices on more channels. Choosing a lower blocking level means that some packets from the
blocked device may go through.
You can enable intrusion prevention against the following threats
•
Rogue APs: APs connected to your network but not authorized by the administrator; an attacker can
gain access to your network through the Rogue APs. You can also automatically quarantine
uncategorized, indeterminate and banned APs connected to the network.
•
Misconfigured APs: APs authorized by the administrator but do not conform to the security policy; an
attacker can gain access to your network through misconfigured APs. This could happen if the APs
are reset, tampered with, or if there is a change in the security policy.
•
Client Misassociations: Authorized Clients that connect to rogue or external (neighboring) APs;
corporate data on the authorized client is under threat due to such connections. AirTight recommends
that you provide automatic intrusion prevention against authorized clients that connect to rogue or
external APs.
There is a special intrusion prevention policy for the smart devices that are not approved. Even if a
current client policy restricts authorized clients from connecting to a guest AP, an unapproved smart
device can still be allowed to do so. One needs to explicitly allow or restrict unapproved smart devices
from connecting to a guest AP.
Click Special Handling for Smart Devices to enable special handling for unapproved smart devices.
You can allow the unapproved smart device to connect to a guest AP only. To do this,
1.
Select Enable Special Handling for Unapproved Smart Devices.
2.
Select Allow connection to Guest AP, but not Authorized AP.
To disallow the unapproved smart device from connecting to both a guest AP as well as an authorized
AP, select Do not allow connection to Guest AP and Authorized AP.