User's Manual
Working with the Mitigator
A31003-W1050-U100-2-7619, March 2008
HiPath Wireless Controller, Access Points and Convergence Software V5 R1, C20/C2400 User Guide
9.4 Analysis engine overview
The Analysis Engine relies on a database of known devices on the Controller,
Access Points and Convergence Software system. It compares the data from the
RF Data Collector with this database of known devices.
This database includes the following:
• Wireless APs – Registered with any HiPath Wireless Controller with its RF
Data Collector enabled and associated with the Analysis Engine on this
HiPath Wireless Controller.
• Third-party APs – Defined and assigned to a VNS.
• Friendly APs – A list built in the Mitigator user interface as the administrator
designates potential rogue access points as Friendly.
• Wireless devices – Registered with any HiPath Wireless Controller that has
its RF Data Collector enabled and has been associated with the Analysis
Engine on this HiPath Wireless Controller.
The Analysis Engine looks for access points with one or more of the following
conditions:
• Unknown MAC address and unknown SSID (critical alarm)
• Unknown MAC, with a valid SSID – a known SSID is being broadcast by the
unknown access point (critical alarm)
• Known MAC, with an unknown SSID – a rogue may be spoofing a MAC
address (critical alarm)
• Inactive Wireless AP with valid SSID (critical alarm)
• Inactive Wireless AP with unknown SSID (critical alarm)
• Known Wireless AP with an unknown SSID (major alarm)
• In ad-hoc mode (major alarm)
Note: In the current release, there is no capability to initiate a DoS attack on
the detected rogue access point. Containment of a detected rogue requires
an inspection of the geographical location of its Scan Group area, where its
RF activity has been found.
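
The alarm conditions listed above, written out as a small classifier over scan observations. This is an added example, not code from the HiPath product or this manual; the `KnownDevices` model, the function names, the sample addresses, and the precedence used when conditions overlap (critical checks before major) are assumptions of the example.

```python
from dataclasses import dataclass, field

def norm_mac(mac):
    """Canonical 12-hex-digit form so 02-00-.., 0200.00.. and 02:00:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

@dataclass
class KnownDevices:  # hypothetical model of the known-device database
    wireless_aps: dict = field(default_factory=dict)  # MAC -> True if active
    other_known: set = field(default_factory=set)     # third-party and Friendly APs
    ssids: set = field(default_factory=set)           # valid SSIDs

def classify(db, mac, ssid, adhoc=False):
    """Return (severity, reason) for one scan observation, or None if no alarm."""
    mac = norm_mac(mac)
    ssid_kind = "valid" if ssid in db.ssids else "unknown"
    if mac in db.wireless_aps:
        if not db.wireless_aps[mac]:
            return ("critical", f"inactive Wireless AP, {ssid_kind} SSID")
        if ssid_kind == "unknown":
            return ("major", "known Wireless AP, unknown SSID")
    elif mac in db.other_known:
        if ssid_kind == "unknown":
            return ("critical", "known MAC, unknown SSID (possible MAC spoofing)")
    else:
        return ("critical", f"unknown MAC, {ssid_kind} SSID")
    if adhoc:
        return ("major", "ad-hoc mode")
    return None

# Constructed sample data: locally administered MACs, made-up SSIDs.
DB = KnownDevices(
    wireless_aps={norm_mac("02:00:00:00:00:01"): True,
                  norm_mac("02:00:00:00:00:02"): False},
    other_known={norm_mac("02:00:00:00:00:10")},
    ssids={"corp-wlan"},
)

if __name__ == "__main__":
    for obs in [("02-00-00-00-00-01", "corp-wlan"), ("02:00:00:00:00:01", "guest"),
                ("02:00:00:00:00:02", "corp-wlan"), ("0200.0000.0010", "guest"),
                ("02:00:00:00:00:FF", "corp-wlan")]:
        print(obs, "->", classify(DB, *obs))
```

Normalising the MAC before lookup matters here: a known AP reported in a different notation would otherwise fall through to the unknown-MAC branch and raise a false critical alarm.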