User's Manual
Table Of Contents
- User Guide
- Table of Contents
- Definitions and Terminology
- References
- Introduction
- Expert Analysis Functions Enabled by Sensor
- Enforce Security Policy
- Detect Wireless Intruders and Attacks
- Lock In Network Performance
- Ensure Network Reliability
- Centralizing System Management
- Enable Flexible Configuration and User Access
- Enable Graphics User Interface from Anywhere in the Network
- Enable Remote Troubleshooting and Active Tools
- Low Overhead On Operational Network
- AirMagnet Sensor Operation Modes
- Hardware Specifications
- Sensor Powering Options
- Appendix A: FIPS-Required Features
- Use of TLS Protocol for Secure Communication
- Limited Logon Attempts
- Length of Password Word
- Automatic Self Checking and Module Integrity Checking
- Change of Shared Secret Key via Secure Communication
- Password Encrypted in FIPS-Approved Algorithms
- Securing the Sensor with the Tampering-Proof Tape
- Periodical Inspection of the Module for Evidence of Tamperin
AirMagnet Sensor Operation Modes
The Sensor has three operational modes, configuration mode, analysis mode, and active control
mode.
Configuration Mode
The Airmagnet Sensor can be configured both with a serial command line interface (CLI) and
secure HTTPS communications with a remote browser. Key parameters that need to be
configured prior to placing the sensor online include provisioning of the unit’s network
addressing, the server’s network addressing, and the secret key needed for connection to the
server and for administrator logon-override functions. Once the unit is configured it is placed on
the live network and powered up. The sensor can be powered either by an AC-to-DC power
brick or Power-over-Ethernet using an AirMagnet in-line power injector.
After configuration the unit boots up, connects to the server, and receives any additional
configuration parameters. If the administrator has upgraded the sensor software on the server to
a new release, the sensor automatically downloads the software into memory and then writes it to
flash.
Analysis Mode
The majority of the time the sensor is in the analysis mode. The unit scans all configured
channels, measures signal and noise, gathers statistics on management and data traffic, analyzes
security mis-configurations and performance problems, and searches for issues such as rogue
access points and denial of service attacks.
All of the analyzed data is recorded in memory and is reported back to the management server
periodically. The reporting period for accumulated data is configurable. Whenever an event
occurs that generates an alert, such as a security mis-configuration, the alert is sent immediately
to the server.
The administrator can view the consolidated status of the entire network, a subset of the network,
or the specific set monitored and analyzed by an individual sensor. The AirMagnet Enterprise
Console tool is used to view this information collected on the server.
The Analysis mode can be administered from anywhere within the global enterprise network.
© 2004 AirMagnet
®
, Inc. All rights reserved. 11