2009 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
Contents
Chapter 1. Introduction
1.1 Chapter Contents
1.2 Overview of an AirDefense Deployment
1.2.1 Components
1.2.2 Sensors
1.2.3 Server Appliance
1.2.4 Network Connections
1.3 Deployment Lifecycle
1.3.1 Overview
1.3.2 Organization of this manual
1.3.3 Initial appliance configuration
1.3.4 Configuring data collection
1.3.5 Lean Back Monitoring
1.4 AirDefense Server Connection Options
1.4.1 Overview
1.4.2 Keyboard and Terminal
1.4.3 Static IP Address
1.4.4 Serial Port
1.4.5 SSH
1.4.6 About the User Interfaces
1.4.7 Overview
1.5 Your Role as a User
1.5.1 How your user account was created
1.5.2 User types
1.5.3 Additional Limitations
1.5.4 Effect of Domain-Based Partitioning
1.5.5 Managing Your User Preferences
1.6 Basic Navigation
1.6.1 Overview
1.6.2 Tree Structure
1.6.3 Tree Structure Options
1.6.4 Tree Contents Options
1.6.5 Device Search
1.6.6 Tree Filter Options
1.6.7 Tool Bar
1.6.8 Dashboard Drill Down
1.7 AirDefense and Time
1.7.1 Overview
1.7.2 Alarm Time Reporting
3.3 Creating and Changing User Accounts
3.3.1 Overview
3.3.2 Navigation
3.3.3 Basic User Account Information
3.3.4 Changing Passwords
3.3.5 Strong Passwords
3.4 Limiting Users Network Scope with Domain-Based Partitioning
3.4.1 When to use Domain-Based Partitioning
3.4.2 Who Can Assign Domains?
3.4.3 Domain Strategy
3.4.4 Example graphic
3.4.5 Setup process
3.4.6 Defining Domains
3.4.7 Assigning domains to users
3.5 Authentication
3.5.1 User authentication options
3.5.2 Which option should you use?
3.5.3 Process
3.5.4 Navigation
3.5.5 What you need to know
3.6 User Preferences
3.6.1 Display Preferences Tab
3.6.2 Current User Information Tab
3.6.3 Other Preferences Tab
Chapter 4. Certificates
4.1 Chapter Contents
4.2 About Certificates
4.2.1 Overview
4.2.2 AirDefense Default Certificate
4.2.3 Tomcat certificates
4.2.4 Root-signed certificates
4.2.5 SSL Certificate
4.3 Security Alerts
4.3.1 Overview
5.3 Sensor Placement
5.3.1 Using AirDefense Architect to plan sensor placement
5.3.1.1 Overview
5.3.1.2 Features
5.3.2 Using AirDefense Mobile to plan sensor placement
5.3.2.1 Overview
5.3.2.2 Prerequisites
5.3.2.3 Procedure
5.4 Sensor Placement with WEP Cloaking
5.4.1 Overview
5.4.2 Considerations
5.4.3 For Adequate Protection
5.5 Sensor Placement With Location Tracking
5.5.1 Overview
5.5.2 Considerations
5.5.3 IDS versus Location Tracking
5.5.4 Example 1
5.5.5 Example 2
7.3.2.2 Trapeze Mobility Point MP-372 as a Sensor
7.3.2.3 Enterasys AP1602 Access Point as a Sensor
7.3.2.4 Nortel 2330 and 2330A Access Point as a Sensor
7.3.3 Access Points as Dedicated Sensors or Dual AP and Sensor Functionality
7.3.3.1 Motorola Model 51xx
7.3.3.2 Motorola Model 71xx
7.4 Using the Sensor UI
7.4.1 Overview
7.4.2 Mandatory tasks from the Sensor UI
7.4.3 Access the Sensor UI
7.4.4 Sensor UI Tabs
7.4.5 Display Area
7.5 Viewing Sensor Status
7.5.1 Overview
7.5.2 Wired Configuration Elements
7.5.3 Wireless Configuration Elements
7.5.4 The Sensor Syslog Window
7.6 Configuring Sensors Using Sensor UI
7.6.1 Overview
7.6.2 Model 500 Series Prerequisites
7.6.3 Connecting to AirDefense Sensors
7.6.3.1 500 Series Sensors
7.6.3.2 400 Sensors
7.6.4 Accessing the Sensor Interface
7.6.4.1 Configure Sensor Tab
7.6.4.2 Confirming Connectivity to the Server
7.6.4.3 Advanced Settings Tab
7.7 Using the Sensor Network Settings
7.7.1 Overview
7.7.2 Network Configuration Tab
7.7.2.1 Identification
7.7.2.2 Servers
7.7.2.3 IPv4
7.7.2.4 IPv6
7.7.2.5 DNS
7.7.3 Advanced Configuration Tab
7.7.3.1 Global Settings
7.7.3.2 Syslog
7.7.3.3 Passwords
7.7.3.4 Radio Antenna Gain
7.8 Using the Monitoring Policy Manager
7.8.1 Overview
7.8.2 Identification Tab
7.8.3 Profile Configuration Tab
7.8.3.1 Operational Tab
7.8.3.2 Monitor Tab
7.8.4 Override Profile Tab
7.9 Troubleshooting Model 500 Series Sensors
7.9.1 Overview
7.9.2 Model 510 Sensor LED Functionality
7.9.3 Model 520 Sensor LED Functionality
7.10 Zero-Configuration Options
7.10.1 Using Domain Name Resolution (DNS)
7.10.2 Using Vendor Options from the DHCP Server
7.10.3 For Microsoft Windows 2000, 2003 DHCP Servers:
7.10.4 For Linux:
7.11 Scanning Mode
7.11.1 Overview
7.11.2 Quick Scan Mode
7.11.3 Scan Channels
7.11.4 Lock On Channel
7.11.5 Quick Scan and Scan Channels
7.11.6 Extended Channel Scan
7.11.7 Recommendations
7.12 Rebooting a Sensor
8.5.2 Navigation
8.5.3 On-Demand vs Scheduled Classification
8.5.3.1 Overview
8.5.3.2 Manual/On-Demand
8.5.3.3 Scheduled
8.5.4 Action Rules and Rule Sets
8.5.4.1 Overview
8.5.4.2 Action Rules
8.5.4.3 Rule Sets
8.5.4.4 Sequence of rules in Rule Sets
8.6 Device Synchronization Configuration
8.6.1 Overview
8.6.2 Common Settings
8.6.3 WLSE Tab
8.6.3.1 WLSE Synchronization Configuration
8.6.4 AirWave Integration
8.6.4.1 Overview
8.6.4.2 Navigation
8.6.4.3 AirWave Tab
8.6.5 LiveRF Tab
8.6.5.1 Importing APs
8.6.5.2 Importing Radios
9.5 Ending Unauthorized Device Communications
9.5.1 Overview
9.5.2 About Port Lookup
9.5.3 About Port Suppression
9.5.4 Port Suppression Prerequisites
14.3.4 Ignoring Devices in Congested Environments
14.4 Terminating Devices
14.4.1 Termination Controls
14.4.2 Air Termination
14.4.2.1 Overview
14.4.2.2 Using Air Termination
14.4.3 Policy-based Termination
14.4.3.1 Overview
14.4.3.2 Prerequisites for Using Policy-based Termination
14.4.3.3 Navigation
14.4.3.4 Configuring Policy-based Termination
14.5 Location Tracking (Triangulation)
14.5.1 Overview
14.5.2 Implementing Location Tracking in AirDefense
14.5.3 Accessing Location Tracking (Triangulation)
14.5.4 Importing Maps
14.5.5 Location View Functions
14.5.6 Scale Tool Functions
14.5.7 Setting Images
14.5.7.1 Floor Plan Prerequisite
14.5.7.2 Advanced Settings
14.5.8 Device Tracking Information
14.5.9 Location Tracking Right-Click Options
14.6 Action Manager
14.6.1 Overview
14.6.2 Add/Edit Action Rule
14.6.2.1 Settings Tab
14.6.2.2 Actions Tab
14.6.2.3 Filter Tab
14.6.2.4 Advanced Tab
14.7 Action Control
14.7.1 Overview
14.7.2 Action Control Table
14.7.3 Action Control Commands
16.3 Using the Report Builder
16.3.1 Creating a Report
16.3.2 Extensive Data
16.3.3 Navigation
16.3.4 Creating and Saving a Report
16.3.5 Building Your Report
16.3.6 Available Data Fields, Tables, and Charts
16.3.7 Configuring Data Fields, Tables, and Charts
16.3.8 Types of Filter Windows
16.3.9 Deleting a Report
16.3.10 Importing a Report
16.3.11 Exporting a Report
Appendix B. WIPSadmin
B.1 Overview
B.1.1 Contents
B.2 Using WIPSadmin to Configure AirDefense
B.2.1 Procedure
B.2.1.1 IP
B.2.1.2 IPv6
B.2.1.3 NETPORT
B.2.1.4 DNS
B.2.1.5 BONDING
B.2.1.6 HNAME
B.2.1.7 DNAME
B.2.1.8 TIME
B.2.1.9 TZ
B.2.1.10 NTP
B.2.1.11 UIPORT
B.2.1.12 DTAGAUTH
B.3 Manage
B.4 Dbase
B.5 Software
B.6 Config
Scope of Documentation
This guide covers:
• Server configuration
• Operational configuration
• Ongoing operation
• Maintenance
• Integration with other products.
It does not cover initial hardware installation or the basic device configuration you need to perform to get the appliance up and running. This guide also does not cover upgrade instructions to server version 7.3 from previous server versions. Complete instructions for those procedures are included in the publication Upgrade Instructions, AirDefense Enterprise version 7.3.x.
Document Conventions
The following conventions are used in this document to draw your attention to important information:
NOTE: Indicates tips or special requirements.
CAUTION: Indicates conditions that can cause equipment damage or data loss.
WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage.
Notational Conventions
The following additional notational conventions are used in this document:
Italics are used to highlight the following:
• Chapters and sections in this and related documents
• Dialog box, window and screen names
• Drop-down list and list box names
• Check box and radio button names
• Icons on a screen.
GUI text is used to highlight the following:
• Screen names
• Menu items
• Button names on a screen.
Bullets (•) indicate:
• Action items
• Lists of alternatives
• Lists of required steps not necessarily sequential
Sequential lists (those that describe step-by-step procedures) appear as numbered lists.
Introduction
1.1 Chapter Contents
This chapter includes the following sections:
• Overview of an AirDefense Deployment
• Deployment Lifecycle Overview
• AirDefense Server Connection Options
• About the User Interfaces
• Your Role as a User
• Basic Navigation
• AirDefense and Time
AirDefense Enterprise's remote Sensors collect frames transmitted by 802.11a-, b-, g-, and n-compliant devices and send that data to a central AirDefense Server for analysis and correlation. AirDefense provides the most advanced wireless LAN monitoring with a distributed architecture of remote sensors that communicate with a centralized server.
1.2.2 Sensors
Wireless LAN monitoring requires a sensor in the vicinity of the airwaves carrying the WLAN traffic. The smart sensors from AirDefense passively observe all wireless LAN traffic within 40,000 to 60,000 square feet of typical office space. Once the sensor collects wireless LAN traffic, the smart sensor analyzes the 802.11 frames and extracts meaningful data points to determine key attributes, such as:
• Wireless device associations
• Use of encryption and authentication
• Vendor identification of all devices
• Total data transferred.
By preprocessing the data on the sensor, the smart sensors greatly reduce the need for bandwidth. In most cases the communication from the smart sensor to the server is less than 3 kbps.
Access WIPSadmin.
1.4.5 SSH
You can communicate with a server using SSH on a workstation. The server must be configured with an IP address for network access. When communicating with SSH, you can:
• Apply a Service Module
• Conduct Troubleshooting
• Access WIPSadmin.
Dashboard Rogue Performance Compliance Forensic Intrusion Alarms Device Manager Reports Configuration
User
AirDefense Sensor
Sensor Configuration
Sensor User
1.7.3 Exception
An exception to this is the Alarm Details panel in Alarms. This panel reports alarm details in system time. The Alarm Details time stamp correlates to the AirDefense Server's system time. This is the same time stamp you use for SNMP and Email Notifications. You can use this as a point of reference if more than one Web User is viewing the GUI from different time zones.
2.2.4 Navigation
To change the system name or port number, navigate to Configuration > Appliance Manager > System and make the changes on the Settings tab. Then click Apply.
3.3.2 Navigation
You can create and change user accounts at Configuration > Appliance Manager > Users.
• At least one lowercase character
• At least one of the following symbols: ~ ! @ # $ % ^ & * ( ) _ + - = ? < > { } [ ] | \ : ; , . /
Example: Admin!23
Important! You should change the default admin account user password at your first opportunity. Leaving the default password on the system poses a security risk.
3. Select locations to include in the domain on the Locations tab. You may need to click Apply to activate the controls on the Locations tab.
3.5 Authentication
3.5.1 User authentication options
This section describes your options for controlling how AirDefense server authenticates users. By default, it uses local authentication. However, you can alternatively use existing remote authentication sources like a RADIUS or LDAP authentication server.
3.5.3 Process
Setting users up for local authentication is a two-step process:
1. Configure local authentication on the AirDefense server.
2. Assign local authentication to existing or new users.
Setting users up for remote authentication is a three-step process:
1. Configure the authentication server on the AirDefense server.
2. Create an authentication profile for the server.
3. Assign the authentication profile to existing or new users.
3.5.4 Navigation
Configure local authentication at Configuration > Appliance Manager > Authentication > Local Authentication. Configure remote authentication at Configuration > Appliance Manager > Authentication > Remote Authentication. Assign user profiles at Configuration > Appliance Manager > Users.
To set up remote authentication, you will need to know:
RADIUS server:
• IP Address of the RADIUS Server
• Protocol (PAP, CHAP, MSCHAP, and MSCHAPv2)
• Radius Port (RADIUS authorization server port number)
• Radius Accounting Port (RADIUS accounting authorization server port number)
• Shared Secret (The password that is used and shared by both the Authentication Server and the Authentication Profile)
• The time (in seconds) when a connection process will time out
• The number of connection retries to be allowed
• User Prefix/User Suffix you will use to create a custom user string. Example: <Windows-Domain>\<UserName>
LDAP server:
• IP Address of the LDAP Server
• Protocol (LDAP or LDAPS)
• LDAP Port (authorization server port number)
• User Prefix/User Suffix you will use to create a custom user string. Example: <Windows-Domain>\<UserName>
Certificates
This chapter describes your choices for using certificates to verify the authenticity of the AirDefense server to users connecting to it. You must have a user role of Admin or Manager to manage certificates.
A third-party CA
Useful when two or more organizations are working together and require highly secure communications and external validation of clients. Adds significant cost in deployment due to the introduction of third party services and related overhead and expense.
The Security Alert window appears if the certificate does not meet all of the following criteria:
• The AirDefense Server must have a certificate signed by a trusted Certificate Authority installed, and the certificate must be applied to the AirDefense GUI.
NOTE: After you install a certificate, you must use WIPSadmin to restart the AirDefense server processes.
• Your workstation's current date must be within the range of valid dates generated for the certificate.
• The host name generated for the certificate must match the name of the AirDefense Server.
• Support of a high number of users
• Support of high bandwidth consumption
• Localization of wireless network service.
5.2.4 AP Placement
The sensors should be separated by at least 10 feet from any installed APs to avoid radio desense. The active transmissions of an AP can desensitize the sensor receiver radio on the same channel when the sensor is placed in close proximity to the AP.
• Location Tracking: To track a device, the device must be observed by three or more Sensors on the same floor plan. Higher sensor density will typically yield higher accuracy results.
• Connection Termination: To terminate a device's connection to your network, the device must be in range of a Sensor sending termination signals.
• Policy Enforcement: To ensure adherence to policies or to detect attacks against managed devices, Sensors must be able to receive a representative sampling of traffic sent by all devices they are monitoring.
• Rogue Detection: Even sporadic emanations from wireless Stations and Access Points can reveal the presence of rogues. You need to place Sensors where transmissions from rogue devices can be detected as soon as they enter the scanning area.
Where a sanctioned wireless LAN deployment is being monitored (as opposed to enforcement of a no-wireless policy), one sensor is typically needed for every six to eight Access Points. Based on the above, one sensor per 20,000 sq. ft. of area to be monitored is a sound guideline. Sensors that may be exposed to harsh environments can be placed in accessory enclosures (NEMA-4) that protect the Sensor and provide code, regulatory compliance, or both.
5.3.1.2 Features
• Rapidly Design and Deploy More Efficient Networks: AirDefense Architect helps design quality wireless networks by helping to overcome the challenges of coverage holes, poor service areas and improper capacity and network resource allocation.
• Avoid Costly Retrofits: AirDefense Architect minimizes design and deployment costs by helping the designer visualize the physical location and configuration of installed network equipment, automatically placing and configuring access points, and accurately predicting network coverage and capacity.
• Simplify Complex Wireless Environments: Designers can quickly compare site-survey measurements to the expected network performance, enabling real-time and accurate design modifications. AirDefense Architect is intuitive and helps users rapidly operate and design in all phases of WLAN build-out and management.
• Included: AirDefense Survey functionality, which provides real-time, in-field measurements for site surveys. Seamlessly integrated into AirDefense Architect, measurements from AirDefense Survey can be used to optimize and compare its predictions.
In addition to planning all your Access Points prior to deployment, Architect also offers a Sensor planning feature. You can use the same building maps to carefully plan sensor placement, ensuring maximum coverage and no dead spots.
5.3.2.2 Prerequisites
Documents that can help you determine sensor placement include:
• Floor Plans
• Existing Site Surveys
• Wiring layouts
• Regulatory rules and codes for wiring, construction, materials, etc., where applicable.
Tools you will need:
• A laptop running AirDefense Mobile r4.0 or later (or AirDefense Survey r1.1)
• An 802.11a/g wireless device (Station or Access Point). The ideal output power for this device (around 40 mW) would be that of a retail quality Station card or Access Point, as these are likely rogue candidates.
NOTE: A soft Access Point on a laptop is often an ideal target because it can be Locked On a channel and is battery powered through being hosted on a laptop.
During the survey, access to all areas to be monitored is required.
5.3.2.3 Procedure
Following is a step-by-step process to accomplish this task.
1. Obtain Maps/Layouts of the facility and determine the traversal plan.
2. Start AirDefense Mobile.
3. Turn on the target device (Access Point, soft Access Point, or laptop/PDA with Station card).
4. AirDefense Mobile should detect the target device.
5. Identify the target device in the AirDefense Mobile device tree and use your mouse to right-click on it to display a list of options.
6. Use AirDefense Mobile Options to Lock On the channel on which the target device is discovered.
7. Right-click select the device in the Dashboard tree; select LiveView.
8. Focus on Signal Strength in the Decode tab in LiveView. Verify that the target device is being tracked by AirDefense Mobile.
9. When a Station card is being used as a target, significant peaks and valleys are observable in Signal Strength as the Station card rotates through channels probing for an Access Point. The peaks are indicative of the effective signal strength relative to AirDefense Mobile.
10. Move the target device to the anticipated fringe where a neighboring Sensor would become primary.
11. At the fringe of coverage, signal strength should be no less than -70 dBm to assure termination ability.
12. Move AirDefense Mobile to the anticipated location of the next Sensor and use the same procedure to ensure that its anticipated coverage area is valid.
13. If the above Sensor placement proves adequate from a coverage and cost of placement perspective, factors observed during this analysis may be extrapolated to other locations of similar construction.
5.4.2 Considerations
For effective WEP Cloaking, there are two important considerations:
• Spatial coverage - The sensors enabled with WEP Cloaking must at a minimum cover the same area as the authorized Access Points and Stations they are protecting. For this requirement, you should leverage any site surveys you conduct or have conducted for placement of Access Points as aids to sensor placement decisions. Another option is using a WLAN simulation tool such as AirDefense Architect. Figure 4 below shows a simulation of access point coverage based on the building's RF properties loaded into the system. For example, in a typical retail location most wireless point-of-sale devices will be in the front of the store near the check-out stations. Assuming the hacker would be outside of the building, sitting in the front parking lot, it would make sense to place at least 2 sensors in each of the corners in the front of the store. If there is public access from the back of the building or the retail location is surrounded by parking areas, you may want to consider additional sensors in the back for complete protection.
• Channel coverage - A single sensor should not be required to cloak more than 3 authorized access points at a time. For effective cloaking there must be sufficient chaff WEP frames to confuse the statistical WEP cracking tools. At the same time, the sensors must perform regular Wireless IPS scanning on other channels. The sensors are designed to intelligently adjust their frequency scanning patterns. However, to maximize cloaking effectiveness and scan all other channels for possible intrusions, sensors should not be expected to cloak more than three authorized APs, or more specifically 3 unique communication channels at a time.
5.5.2 Considerations
Every site is unique in terms of actual sensor coverage; this section merely describes sensor placement and respective coverage in a simplified way. Actual signal propagation is a very complex issue due to environmental factors like the reflection/absorption properties of materials (walls, furniture), large moving objects, etc.
• Sensors should be placed in corners, preferably in a way which minimizes random fluctuations in signal strength caused by people moving around, opening/closing doors, windows or large objects which may be moved during operation, etc.
• Sensors should not be placed in a straight line: to eliminate the possibility of having two or more similar RSSI values from sensor combinations for different locations, combined coverage areas for the sensors should not be symmetric.
• Place additional sensors in areas where accuracy is important: to achieve repeatable and consistent positioning resolution, sensors should be placed so that they measure unique signal strengths and sensor combinations for each location considered significant.
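The straight-line and symmetry guidance above can be checked numerically. The following is an added example, not AirDefense code: it assumes a log-distance path-loss model with constructed parameters (the manual does not specify a propagation model) and a constructed 100 ft x 100 ft floor, and counts well-separated locations that three sensors cannot tell apart by RSSI.

```python
import math
from itertools import combinations

# Assumed propagation model (the manual does not give one): log-distance path loss.
TX_POWER_DBM = 16.0       # roughly 40 mW, constructed transmit power
LOSS_AT_1FT_DB = 30.0     # constructed reference loss at 1 ft
PATH_LOSS_EXPONENT = 3.0  # constructed indoor-office value


def rssi(sensor, point):
    """Signal strength (dBm) a sensor at `sensor` would read for a device at `point`."""
    distance_ft = max(math.dist(sensor, point), 1.0)  # clamp to the reference distance
    return TX_POWER_DBM - LOSS_AT_1FT_DB - 10 * PATH_LOSS_EXPONENT * math.log10(distance_ft)


def fingerprint_gap(sensors, p, q):
    """Largest per-sensor RSSI difference (dB) between locations p and q."""
    return max(abs(rssi(s, p) - rssi(s, q)) for s in sensors)


def is_collinear(sensors, tol=1e-9):
    """True when every sensor lies on the line through the first two."""
    (x0, y0), (x1, y1) = sensors[0], sensors[1]
    return all(abs((x1 - x0) * (y - y0) - (y1 - y0) * (x - x0)) <= tol
               for x, y in sensors[2:])


def ambiguous_pairs(sensors, points, max_gap_db=0.5, min_separation_ft=20.0):
    """Pairs of well-separated locations that every sensor hears at nearly the same RSSI."""
    return [(p, q) for p, q in combinations(points, 2)
            if math.dist(p, q) >= min_separation_ft
            and fingerprint_gap(sensors, p, q) < max_gap_db]


# Constructed 100 ft x 100 ft floor sampled every 10 ft, with two three-sensor layouts.
FLOOR_GRID = [(x, y) for x in range(0, 101, 10) for y in range(0, 101, 10)]
SENSORS_IN_LINE = [(10, 50), (50, 50), (90, 50)]
SENSORS_IN_CORNERS = [(0, 0), (100, 0), (0, 100)]

if __name__ == "__main__":
    for name, layout in (("straight line", SENSORS_IN_LINE), ("corners", SENSORS_IN_CORNERS)):
        pairs = ambiguous_pairs(layout, FLOOR_GRID)
        print(f"{name}: collinear={is_collinear(layout)}, ambiguous location pairs={len(pairs)}")
        for p, q in pairs[:3]:
            print(f"  {p} and {q} differ by {fingerprint_gap(layout, p, q):.2f} dB at most")
```

With the sensors in a line, every location has a mirror image across that line with an identical set of RSSI readings; the corner layout leaves no such pair on this grid.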
5.5.4 Example 1
You have a small office of 10,000 sq. ft. For Wireless IDS/IPS you would only need 1 sensor; to maximize the coverage it makes sense to place the sensor in the center of the building. When location tracking is needed in this same scenario, a minimum of 3 sensors for each floor plan would be required, and the recommended placement is at the corners.
5.5.5 Example 2
You have a multi-floor building with 3 floors. Depending on floor construction, the RF may travel through each floor. If only Wireless IDS/IPS is required, you may be able to leverage detection through the floor and ceiling and place sensors on every other floor. Depending on the floor characteristics, you may need a sensor on each floor; however, it may make sense to offset each sensor on each floor and take advantage of the detection through the floor and ceiling. If location tracking is needed, the same 3 sensors for each floor plan would be required, and the recommended placement is 3 sensors in the corners of each floor.
6.2.4 Example
You are creating groups and locations for a multi-tenant office. You create a location called 5th Floor, consisting of groups by company on that floor. You have two users responsible for monitoring WLAN security on the floor: Nathan monitors Company A, and Maria monitors Company B. To prevent Nathan and Maria from accessing each other's AirDefense server data, you must create one location for Company A and another location for Company B. Consequently, you can't create Locations for higher-level network grouping, but you can create domains at higher levels, such as building, city, or country. If it is not critical that Nathan and Maria be unable to access each other's data, you could let them share the same domain and use tree filters to limit the data they view, for management purposes.
Result
Each user can see only the data for the building(s) he manages. He can apply policy and view data by group (floor) within his building, and perform location tracking with triangulation by importing a map for each floor.
Managing Sensors
This chapter describes how to manage AirDefense sensors, including information about communications, interfaces, and using APs as sensors.
• Configure external antenna radio gain
• Configure Extended Channel Scan
• Restore Sensor configuration to factory defaults
• Remotely reboot Sensor.
2. Power up the Sensor with the AC/DC power adapter (Model 520 only) or power up the Sensor with your 802.3af compliant PoE source.
Description: Automatically obtaining DNS is disabled by default. If you want to automatically obtain DNS, select the Yes button. If not, leave the No button selected, and then type the following:
• Primary DNS
• Secondary DNS
• Domain Name.
New Admin Password / Verify Admin Password | To change the password for an admin user, type the new password, and then verify it by typing it again.
New Monitor Password / Verify Monitor Password | To change the password for a monitor user, type the new password, and then verify it by typing it again.
Setting Addresses
You must provide a valid IP address, netmask, and gateway IP address for the Sensor to communicate with the AirDefense Server. You can manually set each Sensor's static IP address, Sensor Netmask, and Gateway IP address, or you can automatically receive these address settings from a DHCP (Dynamic Host Configuration Protocol) server.
NOTE: For dedicated monitoring applications/devices, manually setting the addresses is often used to provide well-known IP addresses for sensors and thus facilitate troubleshooting.
Use the Sensor UI to set the addresses. A detailed description is located in this chapter.
After configuration
After you enter or change configuration information on the Configure Sensor tab, use the buttons along the bottom of the screen to:
• Cancel: discards changes.
• Save Basic Settings: applies changes and saves them on the AirDefense server.
The following screen shows the confirmation you see after your changes are saved and the sensor is about to reboot.
Description
This feature allows you to use a DNS name instead of the IP address for the Sensor. Select the Yes radio button to enable this feature.
This feature allows you to use IPv6 addresses if your network is IPv6 enabled. IPv6 addresses can only be obtained via IPv6 Auto-Configuration. Select the Yes radio button to enable this feature.
After Configuration
After you enter or change configuration information on the Advanced Settings tab, use the buttons along the bottom of the screen to:
• Cancel: discards changes.
• Save Advanced Settings: applies changes and saves them on the AirDefense server and Syslog server (if configured). You will receive the same confirmation as when Save Basic Settings is clicked on the Configure Sensor tab.
The Sensor Network Settings window has two tabs: Network Configuration and Advanced Configuration. The tabs are where you configure network settings for Sensors.
7.7.2.1 Identification
The Identification section contains information that identifies an individual Sensor. The only editable field is the Sensor ID field. The other field information is auto-detected by AirDefense and cannot be edited. The following information is displayed:
Field | Description
Name | The Sensor's name (editable field)
MAC Address | The Sensor's MAC address
Hardware Model | The Sensor's model number
Software Version | The firmware version number of the Sensor software
7.7.2.2 Servers
The Server Information section is where you provide information about your AirDefense Enterprise server.
Field Name | Description
Primary AD Server | Enter the Primary AirDefense Server IP address or the server DNS name as defined in your DNS system.
Secondary AD Server | Enter the Secondary AirDefense Server IP address or the server DNS name as defined in your DNS system. If you do not have a Secondary server, enter the Primary Server address or DNS name again.
7.7.2.3 IPv4
The IPv4 section is where you provide IPv4 information for your Sensor.
Field | Description
Use DHCP | DHCP, short for Dynamic Host Configuration Protocol, is a protocol for assigning dynamic IP addresses to devices in a network. If you want to use a DHCP server, enable DHCP. If you want to manually enter the IP address, Sensor Netmask, and Gateway IP address, disable DHCP. Note: For dedicated monitoring applications, manually setting the Sensor's IP address, Sensor Netmask, and Gateway IP address may better serve device connection reliability throughout the entire wireless LAN.
IP Address | Static IP address for the Sensor. Note: Field is grayed out if DHCP is enabled.
Description Subnet to which the Sensor belongs. Note: Field is grayed out if DHCP is enabled.
Gateway | Gateway IP address to the Sensor. Note: Field is grayed out if DHCP is enabled.
7.7.2.4 IPv6
The IPv6 section is where you provide IPv6 information for your Sensor. This entire section is grayed out if your system cannot handle IPv6 traffic.
Field | Description
Enabled | If your Sensor and network have IPv6 capability, enable this field to use IPv6. Otherwise, disable this field.
Use DHCP | DHCP, short for Dynamic Host Configuration Protocol, is a protocol for assigning dynamic IP addresses to devices in a network. If you want to use a DHCP server, enable DHCP. If you want to manually enter the IP address, Sensor Netmask, and Gateway IP address, disable DHCP. Note: For dedicated monitoring applications, manually setting the Sensor's IP address, Sensor Netmask, and Gateway IP address may better serve device connection reliability throughout the entire wireless LAN.
Static Enabled | Enable or disable the static fields.
Static Prefix Length | Static prefix length as a decimal value.
Static IP Address | Static IP address for the Sensor. Note: Field is grayed out if DHCP is enabled.
Static Gateway | Gateway IP address to the Sensor. Note: Field is grayed out if DHCP is enabled.
7.7.2.5 DNS
The DNS section is where you provide information on your Domain Name Server.
Field | Description
Obtain DNS Automatically | Specify whether you want to automatically obtain DNS information. Note: If you decide not to automatically obtain DNS information, the other fields in the DNS section are grayed out.
IP address for the primary DNS server.
IP address for the secondary DNS server.
Domain name for your DNS server.
MTU Country
7.7.3.2 Syslog
The Syslog section is where you supply Syslog information for your Sensor.
Field | Description
Remote Syslog | Specifies whether or not you want to use a Syslog host.
Syslog IP | Sets the IP address of the remote Syslog host server to which the Sensor data can be routed. This option is disabled by default.
Syslog Port | Sets the port number of the remote Syslog host server. This option is disabled by default.
7.7.3.3 Passwords
The Password section is where you change and verify passwords for administrators and monitors.
Field | Description
New Admin Password / Verify Admin Password | Changes the password for an admin user / verifies a changed password for an admin user.
New Monitor Password / Verify Monitor Password | Changes the password for a monitor user / verifies a changed password for a monitor user.
The Monitoring Policy Manager has three tabs: Identification, Profile Configuration, and Override Profile.
You can also reclassify a Sensor using the Auto Placement Rules. Administrators can establish auto placement rules that determine where a Sensor belongs in the network. For example, if you wanted all Sensors assigned to a particular DNS server to be part of a particular group, you can create an auto placement rule to make it happen. Auto Placement Rules have the following properties:
Property: Description
Name: Identifies the rule. Names are established automatically but you can change them.
Destination: Identifies where a Sensor is placed when an auto placement rule is executed. The destination is always a group.
Type: The type of rule may be one of the following seven types: Network Address, MAC Address Range, DHCP, Sensor Model, IP Range, DNS_Server, Sensor Name.
Rule: This is the actual rule. The type determines which rule will be used.
An administrator defines the default profile for all Sensors. Policy Configuration has two configurable tabs: Operational and Monitor.
Lock on Channel is used to lock a Sensor on a specific channel for monitoring. When a channel is selected, the table is updated to reflect the channel that has been locked on.
Basically, you set up an override profile the same way you set up Sensor profiles except there is an additional feature/function included in the Override Profile tab that is not included in the Profile Configuration tab. It is Override Time which is used to specify how long the profile will be overridden. Also, the Auto Upgrade Sensors feature/function is not part of the Override Profile tab.
LEDs
Appearance LED 1: blinking GREEN LED 2: solid GREEN LED 3: solid GREEN LED 1: off LED 2: solid AMBER LED 3: off LED 1: off LED 2: solid GREEN LED 3: off LED 1: off LED 2: solid GREEN LED 3: blinking AMBER LED 1: off LED 2: solid GREEN LED 3: blinking GREEN
Description Sensor is receiving power, is connected to the server, and is detecting radio traffic. Hardware problem.
Radio(s) not functioning properly or other hardware failure. Contact AirDefense customer support. Sensor is likely in process of booting up. Wait approximately one minute for process to complete. Check network cable connections. No DHCP server available on network. Consider setting a static IP address on the sensor. Sensor is likely in process of booting or cannot find the AirDefense server (primary or secondary). Wait approximately one minute. If this condition continues, contact AirDefense customer support. No 802.11a, b or g radio traffic is being observed. If you are sure that there is wireless traffic nearby, contact AirDefense customer support.
Sensor is receiving power, has not yet established a network connection. Sensor is receiving power, a connection to the switch has been established, but sensor is not receiving a DHCP address. Sensor is receiving power, has received DHCP or is configured for static IP, and is attempting to connect to the AirDefense server. Sensor is receiving power, is connected to the server, and is not detecting any radio traffic (a, b or g)
N/A
LED 3: solid AMBER LED 1: blinking AMBER LED 2: solid AMBER LED 3: blinking AMBER Sensor is receiving power, and Sensor Locate command has been issued. You can physically locate a Sensor, by sending Locate command from Sensor UI. Log into Sensor UI and turn Locate option off.
LEDs
LED Appearance PWR: off Link: solid GREEN CON: off Radio: off PWR: solid GREEN
Possible Cause & Remedy Wait approximately 30 seconds for boot up process to complete
Link: solid GREEN CON: off Radio: off PWR: solid GREEN
No DHCP server available on network. Consider setting a static IP address on the sensor.
Link: solid GREEN CON: blinking GREEN Radio: off PWR: solid GREEN
Sensor has detected active Ethernet link and is attempting to connect to the AirDefense server (primary or secondary). Sensor has detected active Ethernet link and is connected to the AirDefense server.
Sensor is attempting to connect to the AirDefense server. Wait approximately one minute. If this condition continues, contact AirDefense support. You may want to verify server IP address setting. No 802.11a, b or g radio traffic is being observed. If you are sure that there is wireless traffic nearby, contact AirDefense support.
Link: solid GREEN CON: solid GREEN Radio: blinking GREEN PWR: solid AMBER
Sensor is connected to the AirDefense server and the radio is detecting 802.11 traffic. Sensor firmware is being upgraded.
Link: solid GREEN CON: solid GREEN Radio: blinking GREEN PWR & Link alternate blinking GREEN with CON & Radio blinking GREEN
Sensor is connected to network, and sensor Locate command has been issued.
User can physically locate a Sensor, by sending Locate command from Sensor UI. Log into Sensor UI and turn Locate off.
Open the DHCP utility, then go to the scope options for the DHCP scope you are placing the sensors in. Right click on Configure Options. On the General tab, scroll down to 043 Vendor Specific Info.
OR
If you are configuring a specific DHCP Vendor Class:
1. Create a new Vendor Class with any name unique to that system.
2. Add the vendor ID adsensor to the ASCII portion of the Vendor ID field.
3. From the server options, select Predefined Options for this vendor class.
4. From the list of predefined options, choose 043 to be added to this vendor class.
5. In the new 043 Vendor Specific Info, enter the new binary data from the output of genDHCP into the Binary area of the data field.
NOTE: This generated string is in Binary and must be typed into the binary field; this cannot be cut and pasted into the ASCII field, as the string will be treated as ASCII instead of binary.
Important! At the time of this release, some versions of the Microsoft DHCP Server do not correctly implement predefined options under vendor class.
A total of 49 channels are scanned in standard mode or QuickScan mode, irrespective of regional configuration. AirDefense can scan 2.4 and 5 GHz concurrently with model 500 series sensors as they are equipped with two concurrent dual band radios.
In addition to the standard channels listed above, the Extended Channel Scan feature, when turned on, scans all channels from 4.9 GHz to 6.1 GHz in 5 MHz increments. Extended channel scanning is turned off by default. It should only be enabled when there is a requirement to monitor all 802.11a channels that specialized equipment vendors might use. Therefore, most users should not enable the Extended Channel Scan feature.
Quick Scan must be enabled before you can select the extended channel mode. If Quick Scan is not enabled, the Extended Channel Scan field in the Sensor UI is disabled (grayed out).
Extended Channel Scans are reported in the UI and reports as follows:
All extended channels below 5170 MHz will be reported as channel 34.
All extended channels above 5825 MHz will be reported as channel 165.
Extended channels between 34 and 165 will be reported as the closest standard channel.
7.11.7 Recommendations
Only use lock on channel when you are investigating a device, because it maximizes the traffic seen on the advertised channel. For example, you can lock on channel when you are using file capture or location tracking. During normal operation, the sensors should always be configured for Quick Scan or Scan Channels in combination with Quick Scan. From a security perspective, it is important that all channels are continuously monitored to catch any suspicious activity or events on channels outside advertised channels. Do not enable the Extended Channel Scan feature unless you are certain that your sensors support extended channels. If you enable the feature and your sensors do not support the extended channels, you will just waste valuable system time scanning non-existent channels.
What is the signal strength of the device? Is it likely that the device is outside your physical perimeter? Is the device properly configured according to your security policies?
8.4.2 Navigation
Device Manager > Show APs > Import AP button
The Imported APs field is a read-only list that displays columns for the Access Point ID and the Access Point Name.
8.4.4.2 Guidelines
Use the following guidelines.
Each row of data must consist of a comma-separated list of field values for each AP (as defined in the table below), for example: MAC address, alias, IP address, DNS name, description, authorize, bridge.
You do not have to use all field values for the AP, but you must use the MAC address.
Always use colons to separate the six groups of hexadecimal digits in the MAC address (xx:xx:xx:xx:xx:xx).
Spell out null for any field value that you do not want to use, for example: 00:02:2d:01:23:04, null, null, null, null, yes, no
Do not leave any field values as empty spaces.
Separate each row by a carriage return or new line character.
Separate all field values with commas. These are the delimiters.
You must use colons in MAC addresses.
8.4.4.3 Examples
aa:aa:aa:aa:aa:aa, My Access Point, 172.16.0.232, machine@xyz.com, this is my access point, yes, yes
bb:bb:bb:bb:bb:bb, AP B, 145.16.0.232, box2@xyz.com, null, no, no
8.4.5.2 Guidelines
Use the following guidelines.
Each row of data must consist of a comma-separated list of field values for each Station (as defined in the table below), for example: MAC address, alias, DNS name, description, authorize, list of comma-separated APs.
You do not have to use all field values for the Station, but you must use the MAC address.
Always use colons to separate the six groups of hexadecimal digits in the MAC address (xx:xx:xx:xx:xx:xx).
Spell out null for any field value that you do not want to use, for example: 00:02:2d:01:23:04, null, null, null, null, null, yes, aa:aa:aa:aa:aa:aa, bb:bb:bb:bb:bb:bb.
Do not leave any field values as empty spaces.
Separate each row by a carriage return or new line character.
Separate all field values with commas. These are the delimiters.
8.4.5.3 Example
cc:cc:cc:cc:cc:cc, Station C, machine1@xyz.com, this is my access point, yes, all
dd:dd:dd:dd:dd:dd, Station D, machine2@xyz.com, null, no, aa:aa:aa:aa:aa:aa, bb:bb:bb:bb:bb:bb
ee:ee:ee:ee:ee:ee, Station E, machine3@xyz.com, this is station e, null
ef:ef:ef:ef:ef:ef, Station EF, machine3@xyz.com, this is station fe, yes, aa:aa:aa:aa:aa:aa
ef:ef:ef:ef:ef:ef, Station EF, machine3@xyz.com, this is station fe, no, bb:bb:bb:bb:bb:bb
Interpretation
The following statements represent the results of loading the example file above into AirDefense Server:
Station C will be entered into the system, authorized on all access points.
Station D will be entered into the system, unauthorized on access points aa:aa:aa:aa:aa:aa, bb:bb:bb:bb:bb:bb.
Station E will be entered into the system with configuration information only.
Station EF will be entered into the system, authorized on access point aa:aa:aa:aa:aa:aa, unauthorized on bb:bb:bb:bb:bb:bb.
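A pre-import check for a Station file, added here as an example and not part of the AirDefense product or its manual. It applies the guidelines above and reproduces the Interpretation; the field order (MAC, alias, DNS name, description, authorize, AP list) is assumed from the example rows in 8.4.5.3, and all function names are hypothetical.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}", re.IGNORECASE)

# Constructed input: the five example rows from section 8.4.5.3, one per line.
SAMPLE_STATIONS = """\
cc:cc:cc:cc:cc:cc, Station C, machine1@xyz.com, this is my access point, yes, all
dd:dd:dd:dd:dd:dd, Station D, machine2@xyz.com, null, no, aa:aa:aa:aa:aa:aa, bb:bb:bb:bb:bb:bb
ee:ee:ee:ee:ee:ee, Station E, machine3@xyz.com, this is station e, null
ef:ef:ef:ef:ef:ef, Station EF, machine3@xyz.com, this is station fe, yes, aa:aa:aa:aa:aa:aa
ef:ef:ef:ef:ef:ef, Station EF, machine3@xyz.com, this is station fe, no, bb:bb:bb:bb:bb:bb
"""


def _null(value):
    """Map the spelled-out 'null' to None; keep any other value as text."""
    return None if value.lower() == "null" else value


def parse_station_row(line, lineno):
    """Validate one row and return it as a dict; raise ValueError on a bad row."""
    fields = [f.strip() for f in line.split(",")]
    if "" in fields:
        raise ValueError(f"line {lineno}: empty field value, spell out null")
    mac = fields[0].lower()
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"line {lineno}: MAC must be xx:xx:xx:xx:xx:xx, got {fields[0]!r}")
    # Assumption: trailing fields may be omitted, as in the Station E example row.
    fields += ["null"] * (5 - len(fields))
    alias, dns_name, description, authorize = (_null(f) for f in fields[1:5])
    if authorize is not None:
        authorize = authorize.lower()
        if authorize not in ("yes", "no"):
            raise ValueError(f"line {lineno}: authorize must be yes, no or null")
    aps = [ap.lower() for ap in fields[5:] if _null(ap) is not None]
    for ap in aps:
        if ap != "all" and not MAC_RE.fullmatch(ap):
            raise ValueError(f"line {lineno}: bad AP entry {ap!r}")
    if authorize is not None and not aps:
        raise ValueError(f"line {lineno}: authorize is set but no AP is listed")
    if authorize is None and aps:
        raise ValueError(f"line {lineno}: AP list given but authorize is null")
    return {"mac": mac, "alias": alias, "dns_name": dns_name,
            "description": description, "authorize": authorize, "aps": aps}


def load_stations(text):
    """Merge all rows per station MAC into authorized / unauthorized AP sets."""
    stations = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        row = parse_station_row(line, lineno)
        entry = stations.setdefault(
            row["mac"], {"alias": row["alias"], "authorized": set(), "unauthorized": set()})
        if row["authorize"] == "yes":
            entry["authorized"].update(row["aps"])
        elif row["authorize"] == "no":
            entry["unauthorized"].update(row["aps"])
        clash = entry["authorized"] & entry["unauthorized"]
        if clash:
            raise ValueError(
                f"line {lineno}: {row['mac']} is both authorized and unauthorized on {sorted(clash)}")
    return stations


def authorized_everywhere(stations):
    """Stations the file would authorize on all APs: the rows to review by hand."""
    return sorted(mac for mac, s in stations.items() if "all" in s["authorized"])


if __name__ == "__main__":
    loaded = load_stations(SAMPLE_STATIONS)
    for mac, s in loaded.items():
        print(mac, s["alias"], "authorized:", sorted(s["authorized"]),
              "unauthorized:", sorted(s["unauthorized"]))
    print("review before import:", authorized_everywhere(loaded))
```

Running the check before the import surfaces rows that would authorize a station on every access point, and rejects files where repeated rows contradict each other for the same station and AP.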
8.5.2 Navigation
Configuration > Policy Manager > Auto Classification
8.5.3.2 Manual/On-Demand
The on-demand option lets you classify all devices in the system at any time. You should consider this option for initial system setup, but it is also useful whenever new, unauthorized devices are discovered by AirDefense sensors. After you start an on-demand classification, AirDefense server displays a list of discovered devices, along with data about how they compare to your auto-classification criteria. You can edit the list, manually overriding the auto-classification for single or multiple devices. The devices are actually assigned the new classification only after you confirm that you want to apply the results.
8.5.3.3 Scheduled
Scheduled auto-classification is very helpful when you want to ignore groups of devices with certain attributes, such as low signal strength or those from unapproved vendors.
Important! You should schedule auto-classification to authorize devices with caution, considering the rules that control which devices are authorized (below) carefully, to avoid accidentally authorizing a device in error.
Because auto-classification places a minor burden on the system, AirDefense, Inc. recommends that you schedule auto-classification to occur only once or twice a day.
NOTE: Each field you add to the filter changes to bold onscreen, to help you track your actions.
NOTE: Once you have added new device entries to the SSID List, you can highlight the device row and click on the action in the Action column to open a drop down list with the same options to Authorize, Unauthorize or Ignore the device on the AirDefense system.
1. To remove SSID devices that have been added to the SSID List, highlight the device row and select the Remove SSID(s) button. The device is immediately removed from the list.
2. To commit the device(s) that you have added to the SSID List to the AirDefense system, select the Apply button. The devices are then detectable by AirDefense and all options on the Common Settings tab are disabled.
8.6.4.2 Navigation
Configuration > Appliance Manager > Device Sync > AirWave
Description Activates fields for entering a new server. Deletes the current AirWave server you have selected. Allows you to request synchronization immediately. This feature is particularly useful for troubleshooting connectivity issues with AirWave.
AirWave Host or IP Address User Password Confirm Password Protocol Port Sync Station Authorization
Description Imports Access Points defined in an external file. Imports radios defined in an external file. Removes the highlighted AP or radio. Removes all APs and radios.
Device State (optional): e.g. "online", "offline" Able To Transmit RF (optional): TRUE or FALSE (will default to TRUE if left empty). NOTE: Optional values can be left empty.
Managing Switches
9.1 Introduction
This chapter provides information about how AirDefense Enterprise uses the switches in your network to help defend it from wireless attackers.
Function: Description
Authentication Algorithm, Authentication Passphrase, Privacy Algorithm, Privacy Passphrase: These are all SNMP V3 parameters that must match what is set on the switch.
SNMP User: This is the name of the V3 user, which is configured on the switch for SNMP V3 access.
Enabled Features: You may enable any of the following features by checking the feature's checkbox: Switch Port Lookup, Device Import, RSSI Data Retrieval, Access Control List.
MIB Support
You can manually select one or more of the following MIBs that are supported by checking the MIB's checkbox: Bridge, Q-Bridge, Entity, Cisco VLAN Trunk Protocol (VTP), Cisco IF-Extension, Motorola WS5100/RFS6000/RFS7000 Switch, Motorola WS2000 Switch, Trapeze Mobility Exchange, Nortel 23xx WLAN Switch, Enterasys Wireless Switch, Cisco WLC. The Auto-Detect MIB support button is used to automatically detect which MIBs are supported.
NOTE: After you add switches into the AirDefense server, they appear in the tree panel when you select Switch from the Tree structure options dropdown menu.
9.4.3 Navigation
Device Manager > Show Switches > Import Switch button
This read-only list displays columns for the Switch Name and the Host. After you have successfully imported a Switch, these columns will appear as the following:
Private Pass Phrase Enabled Features Supported MIBs Enabled (Scan MAC addresses) Description Group Location
Important! If you are not going to use a field in a Switch file, or specify any detail in it, enter null for its value. If you import a Switch to a Location/Group that does not exist in the system, the system imports switches into the Default Location/Group.
Example 1:
SwitchA,172.16.0.168,161,V2c,public,private,null,null,null,null,null,PORTLOOKUP;DEVICEIMPORT;RSSIDATA;ACL,BRIDGE;QBRIDGE;ENTITY;VTPVLAN;IFEXT;SYMBOL5100;SYMBOL2000;TRAPEZE;NORTEL;ENTERASYS;CISCOWLC,true,Imported Cisco Switch,Default Group,Default Location
Example 2:
SwitchB,172.17.0.15,161,V2c,public,private,null,null,null,null,null,PORTLOOKUP;DEVICEIMPORT;RSSIDATA;ACL,BRIDGE;QBRIDGE;ENTITY;VTPVLAN;IFEXT;SYMBOL5100;SYMBOL2000;TRAPEZE;NORTEL;ENTERASYS;CISCOWLC,true,Imported HP Switch,Default Group,Default Location
Setting up Alarms
AirDefense Enterprise constantly monitors your WLAN for policy violations. You can analyze alarms about these violations periodically on the server UI, or you can configure notifications to alert you when certain alarms occur.
11.2.3 Duration
The alarm stays active for a period of time after the security event ends. This period of time is called the duration. The duration is user-configurable, although AirDefense has determined default duration times correlated to the expected lifecycle of each specific event. When the duration time ends, the alarm becomes inactive. You can use the forensic analysis to view historical alarms.
11.2.4 Example
Three XYZ events within a 30-minute period defines the high-water mark for XYZ events. If the server detects three or more such events within any 30-minute period, an alarm is triggered.
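An added illustration of the high-water-mark rule and the duration described in 11.2.3, not AirDefense code. It shows why "any 30-minute period" calls for a sliding window instead of clock-aligned buckets; the event times, the 15-minute duration, the function names, and the treatment of an event exactly 30 minutes old as outside the window are assumptions made for the example.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)
THRESHOLD = 3

# Constructed sample: times at which an "XYZ" event was observed.
SAMPLE_EVENTS = [
    datetime(2009, 1, 5, 10, 20),
    datetime(2009, 1, 5, 10, 28),
    datetime(2009, 1, 5, 10, 45),
    datetime(2009, 1, 5, 10, 49),
    datetime(2009, 1, 5, 11, 40),
    datetime(2009, 1, 5, 12, 5),
]


def sliding_triggers(events, threshold=THRESHOLD, window=WINDOW):
    """Times at which `threshold` or more events fall within the trailing window."""
    events = sorted(events)
    triggers, start = [], 0
    for end, now in enumerate(events):
        # Drop events that are a full window (or more) older than the current one.
        while now - events[start] >= window:
            start += 1
        if end - start + 1 >= threshold:
            triggers.append(now)
    return triggers


def fixed_bucket_triggers(events, threshold=THRESHOLD, window=WINDOW):
    """Naive alternative: count per clock-aligned bucket (10:00-10:30, 10:30-11:00, ...)."""
    epoch = datetime(1970, 1, 1)
    counts = {}
    for t in events:
        bucket = (t - epoch) // window
        counts[bucket] = counts.get(bucket, 0) + 1
    return sorted(epoch + b * window for b, n in counts.items() if n >= threshold)


def active_periods(triggers, duration):
    """Alarm stays active for `duration` after each trigger; overlapping periods merge."""
    periods = []
    for t in sorted(triggers):
        end = t + duration
        if periods and t <= periods[-1][1]:
            periods[-1] = (periods[-1][0], end)
        else:
            periods.append((t, end))
    return periods


if __name__ == "__main__":
    trig = sliding_triggers(SAMPLE_EVENTS)
    print("sliding window triggers:", [t.strftime("%H:%M") for t in trig])
    print("fixed bucket triggers:  ", fixed_bucket_triggers(SAMPLE_EVENTS))
    for start, end in active_periods(trig, timedelta(minutes=15)):
        print("alarm active", start.strftime("%H:%M"), "to", end.strftime("%H:%M"))
```

In the sample, the events at 10:20, 10:28 and 10:45 span two clock half-hours, so bucketed counting never reaches three while the sliding window raises the alarm at 10:45.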
System Health: Events that provide information about the state of the AirDefense appliance and its sensors.
Vulnerabilities: Devices that are detected to be susceptible to attack.
11.3.2 Navigation
There are two main ways to navigate to the Alarm Configuration window: Configuration > Alarm Configuration. Select the alarm you want to configure from the tree, which is divided into alarm categories, and then subcategories. Select an alarm from the Alarms panel. Right-click on it, and then select Alarm Configuration.
Notifications
12.1 Overview
Notifications are emails, SNMP traps, or syslog entries that you configure the AirDefense server to send in response to certain alarms. Notifications include information about the Sensors, APs, and Stations that generate the alarm, when the alarm is generated, and what conditions triggered the alarm. You can control when and where notifications are sent, and you can customize many other aspects of them. In fact, the flexibility of the Action Manager makes it easy to create notifications that are as global or as granular as you want, down to the level of specific alarms occurring on specific devices, reflecting very specific violations of policy data ranges.
12.1.2 Prerequisites
To use notifications, you must first:
Set the Hostname for the AirDefense Server.
Set the Domain Name for the AirDefense Server.
Configure the Mail Relay host for the AirDefense Server.
Configure at least one DNS server.
Enable notifications for the system.
Important! Notifications are suspended during some maintenance activities you may perform using the WIPSadmin utilities, such as those for reboot (REBOOT) and restart (RESTART).
12.1.5 Navigation
The majority of notification configuration activities occur in the Action Manager. Tools > Action Manager
Assessing Threats
13.1 Introduction
This chapter describes some of the tools AirDefense Enterprise provides to help you assess the threat associated with alarms.
13.2 Considerations
Take some time to look at the alarms to determine the events that trigger them. Sort them by type and count. You can then begin to work through the alarms to determine your network status. Alarm forensics are helpful when you analyze alarms; it is helpful to know that an event occurred but it is even better to know when, how often, and where the event occurred, as well as what devices were involved.
13.4.2 Data
Live View Data provides a variety of charts that allows you to analyze different types of data transmitted and received to/from a particular device. Different charts are displayed according to four customizable views.
View: Description
Summary: Provides a summary of frame data using the following charts: Traffic By Authorization Retry Traffic By Rate Traffic By Channel Devices By Authorization. This is the default view.
Device Analysis: Changes the frame data focus to device information. Charts relating to device information are displayed.
Channel Analysis B/G: Changes the frame data focus to channel information for 802.11b/g network traffic. Charts relating to channel information are displayed.
Channel Analysis A: Changes the frame data focus to channel information for 802.11a network traffic. Charts relating to channel information are displayed.
13.4.3 Connections
Live View Connections display device relationships (connections) between your wireless and wired networks with APs being the central point. Options are provided to display devices with broadcast frames, devices with multicast frames, or both.
13.4.4 Devices
Live View Devices display the devices that have been seen during a Live Monitoring session in tabular form. Options are provided to show all devices, only APs, or only Stations. If more than 50,000 frames have been captured during the live monitoring session, only the most recent 50,000 frames are displayed. The device table displays the following information:
Column Device MAC Address SSID Description Lists the different devices that have been seen during the Live Monitoring session. Displays the MAC address of the seen device. Lists the Service Set Identifiers. An SSID is a 32-character unique identifier attached to the header of packets sent over a WLAN; it acts as a password when a mobile device tries to connect to the BSS (Basic Service Set) and names the logical group to which Access Points belong. Lists the WLAN channel that the device is operating on. Lists the device's signal strength connectivity on the WLAN. Displays the number of frames, which are the actual packets of the 802.11 protocol, that have been observed by the AirDefense sensor for the given device. Displays the byte count seen by the device. Displays the time and date the device was first seen. Displays the time and date the device was last seen. Displays the number of unique WEP IVs seen by the device.
13.4.5 Frames
Live View Frames display the frames that were captured during a Live Monitoring session. If more than 50,000 frames have been captured during the live monitoring session, only the most recent 50,000 frames are displayed. Frames data is displayed as follows: Frames table (located on top) Hex values for a selected frame (located on bottom left) Decodes for a selected frame (located on bottom right). The frame table lists the following information:
Column: Description
Time: Displays the time the frame was seen.
Source: Lists the device where the frame originated.
Destination: Lists the device where the frame was sent.
BSSID: Displays the Basic Service Set Identifier.
Transmitter: Lists the device that transmitted the frame.
Receiver: Lists the device that actually received the frame.
Address 1: Lists the first address in the frame.
Address 2: Lists the second address in the frame.
Address 3: Lists the third address in the frame.
Address 4: Lists the fourth address in the frame.
Channel: Lists the WLAN channel that the device is operating on.
Rate: Displays the data rate (in Mbps) being used by the device that sent the packet.
Signal (dBm): Lists the device's signal strength connectivity on the WLAN.
Size: Displays the size of the frame.
802.11 Type: Displays the 802.11 protocol type used in the frame.
Protocol: Displays the protocol type used in the frame.
Sensor: Displays the MAC address of the Sensor that observed the device that sent the packet.
The Capture File window is basically the same as the Live View window minus the buttons and menus that are not needed for Frame Capture Analysis. The tabs display the same information as the Live View window.
If you select one of the following tabs, the summary is expanded into more detailed forensic data so that you can learn more about the wireless device and, if necessary, take immediate action:
Device Info displays the current settings for the device being analyzed.
Threat Analysis displays a table of alarms generated by the device being analyzed.
Association Analysis lists the associations between the device being analyzed and other wireless devices.
Traffic Analysis displays traffic transmitted and received by the device being analyzed.
Signal Analysis displays a device's signal strength (in dBm) as measured by various sensors.
Mitigation Strategies
This chapter describes some of the ways you can mitigate risks associated with devices producing alarms on your wireless network.
14.2.3 Escalation
The escalation section is editable by the user and allows the organization to specify a detailed escalation procedure for the network operation.
14.3.2 Rogue-on-my-network
Rogue-on-my-network is a patent-pending feature that can determine if a rogue is connected to the internal network, and if it requires immediate attention. The Rogue-on-my-network alarm is a very serious warning that will NOT yield a false positive.
14.4.3.3 Navigation
Tools > Action Manager
For further instructions on configuring policy-based termination, see the AirDefense Enterprise Online Help.
Example: Location Atlanta HQ has 2 Floors with 3 Sensors on each floor for Location:
Smoothing
Protocol
Stop Tracking
At the Location and Group levels, you can... Create a new device locationing map Delete a map that is already stored in that group Load a new device locating map from a file external from the application.
Sensor Level
At the Sensor level, you can... Add a sensor to the device locationing map Remove a sensor on the device locating map.
Access Point Stations At the Access Point and Station levels... Add a Device to the device locationing map Remove a Device from the map Initiate device tracking Stop device tracking.
Action Rules are added to the Action Manager to define an action (response) to an alarm. Multiple actions may be assigned to a rule. The Action Manager table displays one rule per row using the following columns:
Column: Description
Name: The name of the Action Rule.
Actions: The action(s) triggered by the Action Rule.
Scope: The scope to which the Action Rule applies.
Alarms: The alarms or alarm categories that trigger the Action Rule.
Exceptions: Exceptions to the Action Rule related to the scope, alarms, or devices.
Advanced Filter: Custom filter or expression used as a filter.
User: The name of the user who created the Action Rule. Note: Only administrators will see this column.
Domain: The domain name of the user. Note: Only administrators will see this column.
Once an Action Rule is added to the Action Manager, you can edit, copy, or delete it by clicking on the appropriate button.
The Edit Action Rule window has four tabs that are used to define an Action Rule.
Selecting an action displays details about the action in the Action Details window.
Description The user name of the person who initiated the action The name of the Action Rule if action was initiated by an Action Rule
You may select more than one action. If you select one or more actions that are the same, the commands for that action are available. If you select one or more actions that are different, the only command available is Cancel All which will cancel any highlighted action.
You can elect to view all the scheduled events (default) or you can narrow the events to one of the following types: AP Test, Auto Classification, Backups, Firmware Upgrade, Frame Capture, Server Synchronization, Forensic Backup.
You cannot schedule new events using the Scheduled Events feature. You can only view, edit, or delete Scheduled Events. The following information is displayed for each event:
Column Type Schedule Description Type of event that is scheduled. How often the scheduled event will be conducted.
Description Last time the scheduled event was conducted. Next time the scheduled event will be conducted. Amount of time the scheduled event lasted. Result of the last scheduled event.
You can change how often the event is conducted by selecting One Time Schedule, Intra-Day Schedule, Daily Schedule, Weekly Schedule, or Monthly Schedule from the dropdown menu. Depending on the interval you select, fill in the related fields using the following table:
Interval: Action
One Time Schedule: Choose a time for the backup by selecting a time from the Time dropdown menu. Then, select a day for the backup by clicking the Calendar button in the Date field and selecting a date.
Intra-Day Schedule: Select a time to begin the backup. Then, select a frequency in hours.
Daily Schedule: Select a frequency in day, weekdays only, or weekends only. Then, select a time of day.
Weekly Schedule: Choose a frequency in days. Then, select a day or multiple days to conduct the backup by clicking the checkbox next to the day to place a checkmark in the box.
Monthly Schedule: Choose the months that you want to run a backup by clicking the checkbox next to the month(s) to place a checkmark in the box(es). Then, select a day of the month to conduct the backup. Last, specify a time of day.
Reporting
AirDefense Enterprise's dual approach to reporting consists of a web interface for populating report templates with data, and a flexible interface for creating additional custom report templates. The Web Reporting interface makes it easy to choose report templates and define the scope of data you want to include, then view the resulting report in a selection of formats. You can also save reports, share them with others, and schedule reports to run automatically. The Report Builder application within the GUI lets more advanced users create report templates, either basing them on the templates delivered with AirDefense or designing them from scratch. Reports you create with the report builder become available as templates in the Web Reporting interface.
7. Click Run Report. NOTE: If you are publishing or emailing a report, you have the option of running the report in the background. Just click the Run Unattended button.
16.3.3 Navigation
Tools > Report Builder
NOTE: This may take a few minutes to load the first time you use it.
It's a good idea to use the word Column or the letter C in the section name to help you keep track of components.
Add simple components: Click Edit on the tool bar or right-click on the name of your report in the tree. Select Insert Simple Components, and then select the item you want to add. In addition to sections and columns, simple components include page breaks, headers and footers, and more.
Add data fields, tables, and charts: To add one of these report components to the highest level in the tree, click the name of the report in the tree (the top-level node). To add a report component to a section, click the column in that section that you want to add the component to. Then either right-click or click Edit on the tool bar. Select the item you want to add.
NOTE: When building alarm tables with an ap_MAC column, the ap_MAC column will only show data for alarms that were triggered by a station associated to an AP. Other alarms will leave this field blank.
Use the up and down arrows to move items within the tree.
Checkboxes (example):
Boolean (example):
To import a report, follow these steps:
1. Select File > Import.
2. Click the Add button.
3. Navigate to the report, select (highlight) it, and click the Open button. The report is added to the Report Files list. You may add as many reports as you like.
4. If a report name already exists, click the Overwrite existing reports checkbox.
5. Click the OK button.
To export a report, follow these steps:
1. Click File > Export.
2. Select (highlight) one or more reports that you want to export.
3. Click the Add button to add the reports to the Selected Reports list. The Add All button adds all of the available reports to the Selected Reports list. The Remove button removes selected (highlighted) reports from the Selected Reports list. The Remove All button removes all reports from the Selected Reports list.
4. Click the Browse button and navigate to the directory where you want to save the exported report(s).
5. Select the directory by clicking on it.
6. Click the Open button.
7. Click the OK button.
Maintenance
This chapter describes various maintenance activities for the AirDefense Enterprise server and sensors.
17.6.2 Navigation
Configuration > Appliance Manager > Licenses
Description Indicates the license ID number. Indicates the order number of the license. Indicates the date the license was purchased. Includes the following information: The number of units. The number of active units cannot exceed this number. Unit counts may be 0, a specific number, or unlimited. A style that specifies that the unit count is fixed or floating. Fixed licenses get consumed as they are used and are not released. Floating licenses get released when they are not being used anymore. A unit identifier. Units may be sensors, APs, switch, etc. A maximum value limiting the number of units. A warning limit used to display an alarm that the unit count is being approached and that user should consider purchasing additional licenses.
Active Date: Displays the expiration date and the start date of the license. A warning date is also displayed, indicating when the customer will be issued a warning that the license will soon expire. Unlimited indicates an expiration date of 9999-12-31.
Maintenance Date: Displays the expiration date and start date of the maintenance agreement with the customer. Unlimited indicates an expiration date of 9999-12-31.
There are three ways to install a license:
- Using a license file
- Using an authorization code
- Requesting a license or checking on a pending request.
17.7.2 WIPSadmin
Using the utilities in the WIPSadmin Dbase program area, you can:
- Restore Intellicenter files (IRESTORE).
- Check the integrity of the databases (INTCK).
- Update vendor MAC address information in database (OUI).
17.7.3 GUI
Using the Appliance Manager program area in the GUI, you can:
- Clear the specific parts of the database or clear the database of all data.
- Back up the database now or schedule a backup of the database.
- Recover database information.
- Export report data from the database.
- Synchronize primary and secondary servers.

The GUI's Appliance Manager window provides a Backups program that enables you to back up the contents of the AirDefense Server database. For complete step-by-step instructions on how to use the GUI's Backup program, see the Online Help for Configuration > Appliance Manager > Backups. Using this program, you can:
- Manually back up all data (Backup Configuration)
- Schedule a backup of data.
You can manually back up all data to the AirDefense Server, or schedule an automatic backup of all data. You can then pull the database off the AirDefense Server and archive it to your local system.
Important! Back up your database regularly. To copy the data backups to another server, you must use the automatic backup feature. Manual backups are backed up to your AirDefense Server. You can specify where to back up files on another server. To recover the backups, you must use the Restore Configuration feature of the Backups program.

9. Type irestore, then press <Enter>. The system prompts you to enter a fully-qualified directory name where the archived Intellicenter files reside.
10. Type /usr/local/tmp and then press <Enter>.
11. Type all and then press <Enter> to move the files into the IntelliCenter. The database restores the files from the directory you entered. When complete, the Dbase screen appears.
12. Type q, then press <Enter> to return to the main screen.
13. Exit WIPSadmin.

The next time the system does a forensic file rollover, it will automatically create the adstatlog.nextfile. In doing so, it will do an ls -lrt to find the file with the most recent timestamp and key the number off that file. Because you waited to copy the most recent adstatlog in step 6, that file has the most recent timestamp, whereas the others all have the same timestamp a minute or two earlier. This allows the system to correctly do its next rollover.
3. Type intck, then press <Enter>. The system displays three choices for a database integrity check:
- Main Database (see step 4)
- Users Database (see step 5)
- All of the Above Databases (see step 6)
4. Type 1 <Enter> to check the Main Database. The system executes a limited examination. The result is either PASSED or FAILED.
   If the test fails, it is because it detected a database integrity problem in the Main Database (smx_main). The system will prompt you to re-index the database. Type y (yes) to fix the most common source of database corruption without deleting data.
   If the test passes, the system executes Test 2, which is a full data traversal. If Test 2 fails, the system will prompt you to re-index the database. Type y (yes) to fix the most common source of database corruption without deleting data.
5. Type 2 <Enter> to check the Users Database. The system executes a limited examination. The result is either PASSED or FAILED.
   If the test fails, it is because it detected a database integrity problem in the Users Database (smx_users). The system will prompt you to re-index the database. Type y (yes) to fix the most common source of database corruption without deleting data.
   If the test passes, the system executes Test 2, which is a full data traversal. If Test 2 fails, the system will prompt you to re-index the database. Type y (yes) to fix the most common source of database corruption without deleting data.
6. Type 3 <Enter> to check both the Main and Users databases simultaneously. The system executes a limited examination. The result is either PASSED or FAILED.
   If the test fails, it is because it detected a database integrity problem in the Main Database (smx_main), the Users Database (smx_users), or both. The system will prompt you to re-index the databases. Type y (yes) to fix the most common source of database corruption without deleting data.
   If the test passes, the system executes Test 2, which is a full data traversal. If Test 2 fails, the system will prompt you to re-index the databases. Type y (yes) to fix the most common source of database corruption without deleting data.
7. Type q and press <Enter> to return to the main screen.
2. Type d, then press <Enter> at the command prompt on the main screen. The Dbase screen appears.
3. Type OUI, then press <Enter>. The system alerts you that continuing the update will automatically cause the server processes to restart after the update has completed.
4. Type yes, then press <Enter> to continue. The system asks you to enter the fully qualified directory path where the OUI update resides (use this if you downloaded the OUI table of vendor MAC addresses from the IEEE Server), or to type I if you wish to access the IEEE Server directly (via the internet) to download the new OUI table of vendor MAC addresses.
5. Type in the fully-qualified directory path, or type I.
   If you type the directory path: AirDefense retrieves and installs the update file directly from your local server. The system then returns you to the Dbase screen.
   If you type I: The system accesses the IEEE Server via the internet and automatically downloads the new OUI table into the AirDefense database.
6. Type q and press <Enter> to return to the main screen.
- Setup System Settings
- Define Network Structure
- Create User Accounts
- Define Policies
- Configure Alarms
- Schedule Auto Classification
- Configure Actions
- Import Devices

Select the pre-defined Security Sensitivity mode that best suits your organization, and then click Advanced if you want to customize it. Pre-defined modes include:
- Monitored WLAN: generally for networks where both performance and security are concerns
- Monitored WLAN Security Only: generally for networks where security is the top priority
- Monitored WLAN congested areas: generally for networks that are more tolerant of transient or neighboring devices

To customize the sensitivity level, select the checkboxes next to the alarms you want to enable and clear the checkboxes next to the alarms you want to disable. At that point, the Custom Sensitivity radio button automatically becomes selected to indicate that you have customized one of the pre-defined modes. You can make additional changes to the Alarm criticality by selecting Configuration > Alarm Configuration.
WIPSadmin
B.1 Overview
You use the WIPSadmin utilities in the Command Line Interface to perform initial AirDefense configurations, then use the GUI for ongoing configuration. NOTE: Use the GUI to name the AirDefense Server; set the system port for GUI access; enable (or disable) Air Termination, Policy-based Termination, Domain Management, and Port Suppression; and set a Threat Level (for the Dashboard) at the system level.
B.1.1 Contents
This appendix contains a description of each function within the WIPSadmin program. The functions are:
- Manage
- Dbase
- Software
- Config.

DTAGAUTH: use this to import desktop agent stations either on a schedule or on demand.
B.2.1 Procedure
To use the WIPSadmin Config program, you must:
1. Access the Command Line Interface.
2. Type c, then press <Enter> at the command prompt. The Config screen displays.
B.2.1.1 IP
1. Type ip, then press <Enter> at the prompt to change the IP address, subnet mask, and default gateway of the AirDefense Server you are logged onto. The IP configuration screen opens, displaying the current network configuration.
2. Type a new IP address at the prompt. Press <Enter>.
3. Type a new subnet mask. Press <Enter>.
4. Type a new gateway address. Press <Enter>. Your new values display in bold text.
5. Type yes at the prompt to commit the changes. This returns you to the previous network screen. AirDefense reboots on exit from the WIPSadmin.
Important! If you are logging in remotely using SSH, check these values carefully for accuracy before typing yes or no to commit the changes. Committing incorrect information will cause you to lose connectivity to the AirDefense Server.
B.2.1.2 IPv6
1. Type ipv6, then press <Enter> at the prompt to change the IPv6 address. The IPv6 configuration screen opens, displaying the current network configuration.
2. If this is your first time using IPv6, you are prompted to enable IPv6. Just type yes and press <Enter>.
3. Type a new IPv6 address at the prompt. Press <Enter>.
4. Type yes at the prompt to commit the changes. This returns you to the previous network screen. AirDefense reboots on exit from the WIPSadmin.
B.2.1.3 NETPORT
Use NETPORT to configure the network interface link speed, duplex setting, and to toggle Autonegotiation on and off. The Autonegotiation feature enables the AirDefense Server to analyze the network and find the most efficient network interface available in some cases.
1. Type netport, then press <Enter> at the prompt to configure network link speed, duplex, and to turn Autonegotiation On and Off. The Netport configuration screen opens, displaying current network interface configuration...Enter on or off for Autonegotiation.
2. At the prompt, press <Enter> to keep the Autonegotiation at its current status, or type in on or off to change the configuration. Press <Enter> again.
NOTE: The following steps appear only if the off option is selected.
3. At the prompt, press <Enter> to keep the current link speed, or type in the desired value. Choices are: 10, 100, or 1000 Mb/s. Press <Enter> again. The screen displays the duplex setting selections.
4. At the prompt, press <Enter> to keep the current duplex setting, or type in the desired setting. Choices are half (for half duplex) and full (for full duplex). Press <Enter> again. The screen displays the new network interface configuration.
5. At the prompt, type yes to commit the changes, or no to cancel the operation.
6. Press <Enter>. You are returned to the Config settings screen.
B.2.1.4 DNS
1. Type dns, then press <Enter> at the prompt to define DNS Servers. This adds or deletes a DNS nameserver (Domain Name Server). This is the name of the server you give to your DNS server. The NameServer screen opens, displaying your current DNS server's IP address in bold text.
2. At the prompt, type either a to add a new DNS server, or d to delete a server.
   To add an entry: type a at the prompt and type the IP address at the ensuing prompt. Press <Enter> to add the new DNS server to the list of nameServers.
   To delete an entry: type d at the prompt. At the next prompt, type in the number of the nameserver you want to delete. (If you delete a DNS server that is followed by other servers, all the ones with a lower preference will move up in priority.)

Important! Multiple DNS servers process DNS requests in order. The first DNS server on the list (identified by the number 1) is the first to offer name resolution, the second DNS server on the list (identified by the number 2) is the second to process the request if the first is unable to do so. To change the order preference of multiple servers, you must delete them all, and re-enter them in the order you want them to process your DNS requests. The first DNS server you enter will become number 1, the first to process name resolution.

3. Type q, then press <Enter> to quit and return to the main screen. You are prompted to save your changes.
4. Type yes, then press <Enter>.
B.2.1.5 BONDING
1. At the command prompt, type bonding, then press <Enter> to enable the High Availability Ethernet.
2. Type b, then press <Enter>. You will receive confirmation that bonding is enabled.
3. Type q, then press <Enter> to return to the Config settings screen.
B.2.1.6 HNAME
1. At the command prompt, type hname, then press <Enter> to change the hostname. The current hostname is displayed.
2. Type in the new hostname for your AirDefense server, then press <Enter>. You are prompted to save your changes.
3. Type yes, then press <Enter>.
B.2.1.7 DNAME
NOTE: If your system is set up to use DHCP, you will not be able to change the domain name using the WIPSadmin Config program.
1. At the command prompt, type dname, then press <Enter> to change the domain name. The current domain name is displayed.
2. Type in the new domain name for your AirDefense server, then press <Enter>. You are prompted to save your changes.
3. Type yes, then press <Enter>.
B.2.1.8 TIME
Important! Changing the system time/date could affect the integrity of the database. Any change will cause a system reboot on exit from WIPSadmin.

Setting AirDefense time consists of setting the Time and Date (TIME) and the Timezone (TZ), or alternately, enabling an NTP server (NTP). You must set the correct time (time of day, timezone, and date) or alternately, enable an NTP server when you first set up AirDefense. Changing the time configurations after your AirDefense has accumulated data can have an adverse effect on the integral state, time, and event associations that are essential to accurate data reporting.

1. Type time, then press <Enter> at the prompt to change the AirDefense Server's operating time and date. The current date and time displays. You are prompted to enter a date in MMDDYYYY format. (Do not use colon, forward slash, or other delimiters.)
2. Press <Enter>. You are prompted to enter a time in 24-hour HHMM or HHMMSS format.
3. Press <Enter>. You are prompted to save your changes.
4. Type yes, then press <Enter>.
B.2.1.9 TZ
Important! Any change will cause a system reboot on exit from WIPSadmin.
1. Type tz, then press <Enter> at the prompt to change the AirDefense Server's time zone. The Time zone screen displays a list of global, continental regions. AirDefense prompts you to choose a global area in which your AirDefense Server resides.
2. Enter the corresponding number (to the left of your region name). Press <Enter>. A list of nations appears.
3. Enter the abbreviation of your nationality (to the left of the nation) in which the AirDefense Server resides. Press <Enter>. A list of nationalities appears.
4. Enter the number of the region within your nationality in which the AirDefense Server resides. Press <Enter>. You are prompted to save your changes.
5. Type yes, press <Enter>. Typing yes or no reboots and clears the database on exit from WIPSadmin.
B.2.1.10 NTP
Instead of setting the AirDefense Time (TIME) and Timezone (TZ), you can enable automatic time synchronization with an NTP server.
Example: If you change the AirDefense time, such as when you move the AirDefense Server's location from the east to west coast of the United States, you must also locate a new network time server in the same time zone.
1. Type ntp at the command prompt to enable or disable a specific network time server (NTP). The NTP screen displays your current status in bold text, whether or not you are currently set to use NTP.
2. Type e to enable NTP. You are prompted to enter the IP address or fully qualified host name (hostname.domainname.com) of a network time server. Alternately, you can type d to disable NTP. No additional input is required; NTP is immediately disabled.
3. To save the network time server settings, type q to quit. You are prompted to save your settings.

Important! Entering an invalid time server generates an error and logs you out of WIPSadmin. Also, changing the time configurations after your AirDefense has accumulated data can have an adverse effect on the integral state, time, and event associations that are essential to accurate data reporting.
B.2.1.11 UIPORT
You can change the port the GUI is using.
1. Type UIPORT at the command prompt to change the port the GUI is currently using. The UIPORT screen displays the current UI port in use.
2. At the prompt, type yes to change the current port, or no to keep the current port. If you typed no, go to step 3. If you typed yes, go to step 4.
3. If you type no, the operation is canceled. Press <Enter> to return to the Config settings screen.
4. If you type yes, the system asks you to enter a new port. Enter a new port number and press <Enter>. AirDefense automatically accepts the change.
5. Press <Enter> again. You are returned to the Config settings screen.
B.2.1.12 DTAGAUTH
1. Type dtagauth at the command prompt.
2. At the prompt, type E to schedule the imports of desktop agent stations or type I to import desktop agent stations immediately. You will receive a confirmation message indicating success.
3. Press <Enter>. You are returned to the Config settings screen.
B.3 Manage
WIPSadmin Utility: Use this utility to...
STATUS: Display the process and disk status of the system.
SYSLOG: Display system log entries resulting from authentication and sendmail failures. You can either display the logs on screen, or write logs to a text file (syslogdata.txt).
TRIMLOG: Truncate system log files when they become too large.
WEBU: Manage AirDefense GUI Web User names and passwords. Use this utility to:
- Add a Web User for the AirDefense GUI.
- Delete a Web User for the AirDefense GUI.
- Change a password for a Web User for the AirDefense GUI.
PASSWD: Change the password of a Command Line User (smxmgr and smxarchive). (For more information on smxarchive, see Appendix D, Automated Data Retrieval.)
Restart AirDefense processes (not a full reboot!).
Reboot AirDefense (full reboot).
Halt AirDefense (stop processes).
B.4 Dbase
WIPSadmin Utility: Use this utility to...
IRESTORE: Restore Intellicenter files.
INTCK: Check integrity of databases.
OUI: Update vendor MAC address information in the database.
B.5 Software
WIPSadmin Utility: Use this utility to...
KEYPKG: Create a package of AirDefense system keys that can be used by AirDefense support to repair corrupt licenses.
SERVMOD: Update the current version of AirDefense software with feature enhancements or improvements.
B.6 Config
WIPSadmin Utility: Use this utility to...
IP: Change the IP address, subnet mask, and default gateway of the AirDefense Server you are logged into.
IPv6: Change the IPv6 address of the AirDefense Server you are logged into.
NETPORT: Change the network interface connections, and to toggle the Autonegotiation feature On or Off.
DNS: Add or delete a DNS nameserver (Domain Name Server).
BONDING: Change the High Availability Ethernet settings.
HNAME: Change the name of the AirDefense Server.
DNAME: Change the domain to which the AirDefense Server belongs.
TIME: Change the AirDefense Server's operating time and date.
TZ: Change the time zone in which the AirDefense Server is operating.
NTP: Enable or disable a specific network time server (NTP).
UIPORT: Change the network port number over which the GUI is running.
DTAGAUTH: Import desktop agent stations either on a schedule or on demand.
C.2.2 Procedure
1. On LocalServer, log in as LocalUser.
2. Run the following command to generate the keys for the LocalUser:
    /usr/bin/ssh-keygen -d -f $HOME/.ssh/id_dsa
   At the passphrase prompts, do not enter a passphrase. Hit Return. This action creates the keys for the LocalUser: id_dsa and id_dsa.pub, in the LocalUser's .ssh directory. These keys must keep these names while on this server.
3. Transfer the LocalUser's public key to your AirDefense Server. (It is a good idea to change the name of the key in the process, so it does not become confused with any other keys on the AirDefense Server.)
    /usr/bin/scp $HOME/.ssh/id_dsa.pub smxarchive@ADServer:LocalUser.pub
4. Log on the AirDefense Server via SSH as smxarchive:
    /usr/bin/ssh smxarchive@ADServer
   Enter your password at the prompt.
5. Install the public key as an authorized entry. To do this, add the new public key to the authorized key file:
    /bin/cat $HOME/LocalUser.pub >> $HOME/.ssh/authorized_keys
6. Ensure the permissions are correct on the key file by modifying the permissions on authorized_keys file:
    /bin/chmod 600 $HOME/.ssh/authorized_keys
7. Exit the SSH session:
    exit
8. Verify that the logon works correctly. From LocalServer run:
    /usr/bin/ssh smxarchive@ADServer

LocalUser@LocalServer can now ssh and scp to and from smxarchive@ADServer. You should be able to log on without using a password, using only certificate authentication. LocalUser@LocalServer now has all of the access privileges of the smxarchive@ADServer.

Once automated retrieval is set up, you can use the scp UNIX utility to copy files from the AirDefense Server to your local server. AirDefense does not support FTP or telnet.
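An audit of the authorized_keys file this procedure produces, added here as an example (it is not AirDefense or Motorola code): it flags DSA (ssh-dss) entries such as the id_dsa key from step 2, entries with no source or command restriction (the case where the key holder has all of smxarchive's privileges), and a file mode wider than the 600 set in step 6. The sample entries, the fake key blobs and the /usr/local/bin/pull-backups path are constructed for illustration.

```python
import base64
import os
import stat
import struct

KEY_TYPES = {"ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
DSA_KEY = "DSA key (ssh-dss): disabled by default since OpenSSH 7.0, replace it"
BLOB_MISMATCH = "key blob does not match the declared key type"
BAD_BLOB = "key blob is not valid base64 SSH key data"
NO_FROM = "no from= option: key is accepted from any source host"
NO_COMMAND = "no command= option: key can run any command as this account"
FORWARDING = "neither restrict nor no-port-forwarding: tunnelling is allowed"

def split_unquoted(text, seps, first_only=False):
    """Split on separator characters that sit outside double quotes."""
    parts, start, quoted, i = [], 0, False, 0
    while i < len(text):
        if quoted and text[i:i + 2] == '\\"':
            i += 1                       # step over the backslash of \"
        elif text[i] == '"':
            quoted = not quoted
        elif text[i] in seps and not quoted:
            parts.append(text[start:i])
            start = i + 1
            if first_only:
                break
        i += 1
    return parts + [text[start:]]

def parse_line(line):
    """Return (option names, key type, blob), or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = ""
    if line.split(None, 1)[0] not in KEY_TYPES:       # entry starts with options
        pieces = split_unquoted(line, " \t", first_only=True)
        options, line = pieces[0], pieces[-1].strip() if len(pieces) == 2 else ""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("no recognised key type")
    names = {o.split("=", 1)[0].lower() for o in split_unquoted(options, ",") if o}
    return names, fields[0], fields[1]

def blob_key_type(blob):
    """Key type named inside the blob (its first length-prefixed string)."""
    raw = base64.b64decode(blob, validate=True)
    (length,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + length].decode("ascii")

def audit_lines(lines):
    """Return (line_number, finding) tuples for every weak entry."""
    findings = []
    for num, line in enumerate(lines, 1):
        try:
            entry = parse_line(line)
        except ValueError as exc:
            findings.append((num, f"unparseable entry: {exc}"))
            continue
        if entry is None:
            continue
        names, key_type, blob = entry
        issues = [DSA_KEY] if key_type == "ssh-dss" else []
        try:
            if blob_key_type(blob) != key_type:
                issues.append(BLOB_MISMATCH)
        except (ValueError, struct.error):
            issues.append(BAD_BLOB)
        if "from" not in names:
            issues.append(NO_FROM)
        if "command" not in names:
            issues.append(NO_COMMAND)
        if not names & {"restrict", "no-port-forwarding"}:
            issues.append(FORWARDING)
        findings += [(num, issue) for issue in issues]
    return findings

def audit_file(path):
    """Audit a file on disk; line number 0 marks a finding about the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = [(0, f"mode {mode:03o} is wider than 600")] if mode & 0o077 else []
    with open(path, encoding="utf-8") as handle:
        return findings + audit_lines(handle)

def constructed_blob(key_type):
    """Fake, well-formed key blob for the sample below (not a real key)."""
    body = struct.pack(">I", len(key_type)) + key_type.encode() + b"\x00" * 32
    return base64.b64encode(body).decode()

# Constructed sample; the forced-command path is hypothetical.
SAMPLE = [
    "# authorized_keys for smxarchive (constructed sample)",
    "ssh-dss " + constructed_blob("ssh-dss") + " LocalUser@LocalServer",
    'from="192.0.2.10",command="/usr/local/bin/pull-backups --dest /archive,daily",'
    "restrict ssh-ed25519 " + constructed_blob("ssh-ed25519") + " archive-pull",
    "ssh-rsa " + constructed_blob("ssh-dss") + " relabelled",
]

if __name__ == "__main__":
    for number, finding in audit_lines(SAMPLE):
        print(f"line {number}: {finding}")
```

Run it against a copy of $HOME/.ssh/authorized_keys with audit_file(path); the second sample entry shows the shape of an entry that produces no findings.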
D.1.1 Contents
This appendix contains the automated synchronization procedure for backup of the primary server to a secondary server.
7. Depending on the interval you selected in the previous step, fill in the related fields using the following table:
Interval: Action
One Time Schedule: Choose a time for the backup by selecting a time from the Time dropdown menu. Then, select a day for the backup by clicking the Calendar button in the Date field and selecting a date.
Intra-Day Schedule: Select a time to begin the backup. Then, select a frequency in hours.
Daily Schedule: Select a frequency in day, weekdays only, or weekends only. Then, select a time of day.
Weekly Schedule: Choose a frequency in days. Then, select a day or multiple days to conduct the backup by clicking the checkbox next to the day to place a checkmark in the box.
Monthly Schedule: Choose the months that you want to run a backup by clicking the checkbox next to the month(s) to place a checkmark in the box(es). Then, select a day of the month to conduct the backup. Last, specify a time of day.
1. Log into the secondary server's GUI.
2. Navigate to Configuration > Appliance Manager > Backups.
3. Click on the Configuration Sync button.
4. Enable automatic synchronization by clicking the Enable Automatic Configuration Sync checkbox to place a checkmark in the box.
5. Click the Add button and type in a name for the synchronization (Name field) or select a name from the dropdown menu.
   NOTE: No names will display in the dropdown menu until after you have scheduled at least one other synchronization.
6. In the Address field, type in the primary server's IP address.
7. In the Port Number field, type in the port number of the primary server's IP address.
8. In the Username field, type in an administrator's username on the primary server.
   NOTE: It is a good practice to set up an admin account (using the same username and password) on both the primary and secondary server.
9. In the Password field, type in the password of the administrator on the primary server.
10. Decide how often you want to run the synchronization by selecting One Time Schedule, Intra-Day Schedule, Daily Schedule, Weekly Schedule, or Monthly Schedule from the dropdown menu.
11. Depending on the interval you selected in the previous step, fill in the related fields using the following table:
Interval: Action
One Time Schedule: Choose a time for the synchronization by selecting a time from the Time dropdown menu. Then, select a day for the synchronization by clicking the Calendar button in the Date field and selecting a date.
Intra-Day Schedule: Select a time to begin the synchronization. Then, select a frequency in hours.
Daily Schedule: Select a frequency in day, weekdays only, or weekends only. Then, select a time of day.
Weekly Schedule: Choose a frequency in days. Then, select a day or multiple days to conduct the synchronization by clicking the checkbox next to the day to place a checkmark in the box.
Monthly Schedule: Choose the months that you want to run a synchronization by clicking the checkbox next to the month(s) to place a checkmark in the box(es). Then, select a day of the month to conduct the backup. Last, specify a time of day.
6. Click the Apply button to enable automatic forensics backup. Now, whenever a forensics file is created, it is automatically backed up on the host specified in the Host Name field. This completes the process for setting up synchronization.
Add-on Products
E.1 Overview
The following modules are licensed separately and must be purchased in addition to the base Enterprise product. These AirDefense modules provide enhanced functionality to the Enterprise solution.
- Advanced Forensic Analysis
- Central Management Console (CMC)
- LiveRF
- Spectrum Analysis
- Troubleshooting
- Vulnerability Assessment
- WEP Cloaking.

Administrators can view the activity of a suspect device over a period of months and drill down to minute-by-minute detail of wireless activity. Records are kept over a long period of time so that administrators can review events months later to improve network security posture, assist in forensic investigations, and ensure policy compliance. These records can be used to provide evidence that an attacker has made repeated attempts to break into the wireless network and to know where the attack was launched. Advanced Forensic Analysis stores and manages 325 data points every minute for each wireless device on a network. This feature provides administrators more insight into wireless LAN performance and specific wireless device activity. Trends in network usage can easily be visualized to assist in performance troubleshooting such as identification of abnormal usage and capacity planning. See the AirDefense Enterprise Online Help for details on how to use Advanced Forensic Analysis.
The following forensic data is included with Scope Based Forensic Analysis:
- A summary that includes high-level information about the threat level, device counts and traffic for the entire scope over the selected time range (Summary tab).
- Active alarm information (Threat Analysis tab).
- Threat level information on items within the selected scope (Threat Breakdown tab).
- Transmitted and received traffic by all devices in the selected scope (Traffic Analysis tab).
- Total traffic seen by the top 100 devices in the selected scope (Traffic Breakdown tab).
- Device count for each channel over time (Channel Analysis tab).
- Device counts for Devices and Sensors (Device Analysis tab).
- Wired bandwidth usage of the Sensors in the selected Scope over time (Bandwidth Analysis tab).
Device Based Forensic Analysis provides Administrators with the same forensic data that Basic Forensic Analysis does, but includes the extra features mentioned earlier. The same tabs are included plus an extra Location Analysis tab. The Location Analysis tab provides information to help administrators locate devices in their wireless network. A Heat Map and a Location Map are used to locate a device. A table view is provided to display the coordinates of a device. To use the map feature, you must first import the location map that is used by Location Analysis.
Enter the Server Address, Username, and Password. Then, click Login. The CMC is displayed. NOTE: The server address is usually an IP address but can be a fully qualified host name. The username and password are case sensitive.
The CMC application allows the administrator to push out configuration changes only. Any changes made to a slave server are not automatically synchronized with the master server. Also, any changes made to configuration using CMC will override configuration settings on the slave devices.
E.3.1 Tools
CMC has a set of tools that allow administrators to:
- Search for devices on any of the managed servers.
- Load all configuration policies from the managed servers and check to see if there are any discrepancies in wireless policy settings between different, managed servers. After detecting policy differences, administrators can make the policies the same across all the managed servers.
- Download log files from the managed servers to a local directory (folder) on a workstation. Once the file is in a local folder, administrators can view and examine them at any time.
- Upload Enterprise Service Modules to all managed servers at once.
E.4 LiveRF
AirDefense LiveRF module, powered by Motorola technology, provides the industry's only real-time and remote assessment of wireless network performance. With AirDefense LiveRF, network administrators can visualize the RF environment to troubleshoot wireless connectivity, throughput issues, capacity problems, and identify RF interference sources from a central console without having to send administrators out to remote locations. AirDefense LiveRF provides a real-time view of wireless coverage as well as performance allowing administrators to determine the source of performance degradation or analyze how additional applications will affect the wireless network.
E.4.1 Features
Features include:
- View wireless signal coverage
- Assess Capacity Based on Application
- Identify & Locate Sources of Interference
- View Wireless Coverage Holes
- Evaluate Peak Data Rates by Location
- Map Signal-to-Interference Ratio
- Locate Wireless Devices

LiveRF is a Windows application that can be installed on any remote workstation pulling feeds from select infrastructure Access Points and AirDefense Enterprise monitoring sensors. A site-specific floor plan with building characteristics modeled in AirDefense Architect is a prerequisite. Combining the measurements taken from WLAN infrastructure, data reported by distributed monitoring sensors and the RF characteristics of walls and other obstructions as modeled in the floor plan, LiveRF maps the results real-time on a site specific graphical display. This provides the user with a powerful tool to identify and resolve performance, capacity, and interference related problems.
E.4.2 AP Information
LiveRF obtains information (XMT Power, Channel, etc) about APs in two ways. It polls APs (Cisco Fat APs, etc) that the LiveRF client supports and it queries the ADE Servers for the APs that the LiveRF client does not support. The ADE Server obtains information (XMT Power, Channel, etc) about APs that the LiveRF client does not directly support by importing this information from a file. The LiveRF client then imports this AP information from the ADE Server. The AP information that is imported from the ADE Server is static, and thus does not change when the AP is turned off. Thus LiveRF will continue to "see" APs even after they are powered off. One can delete the AP that was imported for LiveRF and it should disappear from LiveRF. One can then re-import it, and it should reappear. Note that APs that are queried directly by the LiveRF client will also not disappear for up to the polling interval that the LiveRF client uses.
E.4.3 Configuration
Refer to separate LiveRF installation and user guides.
- Full Scan Mode: scan full 2.4-2.5 GHz and 4.9-6.1 GHz spectrum to identify presence of interference (scan more channels, spend less time on each channel)
- Interference Scan Mode: scan specific bands to classify type of interference source (scan fewer channels, spend more time on each channel)
E.6 Troubleshooting
AirDefense Troubleshooting provides a way to remotely test connectivity to Access Points or remotely troubleshoot stations. A valid AirDefense Troubleshooting license is required before you can access either troubleshooting feature.
E.6.1 AP Test
AP Testing tracks network failures from an automated or manual AP connectivity test. Alarms are generated to indicate a failure of one of the test conditions in the test profile and should be considered a high priority event as it may be preventing the wireless applications from operating properly. AP Testing is a tool that performs remote end to end network testing from a wireless perspective. The test is accomplished by using the deployed sensors as a wireless station to connect to an AP and validate the appropriate resources that can be reached. AP Testing allows validation of wireless authentication, encryption, DHCP, ACL and firewall testing, general network connectivity, and application availability testing. These connectivity tests can be run automatically or manually providing proactive notification that the network resources may be unavailable.
NOTE: For AirDefense Enterprise 7.3.4, AP Testing is only supported on the M510 and M520 Sensors with firmware version 5.1.x installed.
The AP Test window allows you to configure and run the AP Test. After you have configured an AP Test, you can save it as a profile. A profile can be selected later to run the test on a similar Access Point. See the AirDefense Enterprise Online Help for details on how to set up and run AP Tests on demand.
The Schedule AP Tests window displays a list of all scheduled AP Tests. From the Schedule AP Tests window you can:
Add, edit, delete, and cancel tests
View detailed test results
Manage the profiles that are used to run tests on similar Access Points.
See the AirDefense Enterprise Online Help for details on how to schedule AP Tests and use the Schedule AP Tests window.
Online web help is provided that fully explains how to use the Troubleshooting tool.
The Vulnerability Assessment window allows you to configure and run the assessment. After you have configured an assessment, you can save it as a profile. A profile can be selected later to run the assessment on a similar scope. See the AirDefense Enterprise Online Help for details on how to set up and run Vulnerability Assessments on demand.
The Schedule Vulnerability Assessment window displays a list of all scheduled assessments. From the Schedule Vulnerability Assessment window you can:
Add, edit, delete, and cancel assessments
View detailed assessment results
Manage the profiles that are used to run assessments on similar scopes.
See the AirDefense Enterprise Online Help for details on how to schedule Vulnerability Assessments and use the Schedule Vulnerability Assessment window.
An attacker sniffing traffic will not be able to distinguish between cloaking frames and legitimate frames, and therefore cannot filter out the cloaked frames. When statistical WEP cracking tools are run on the captured data, they simply fail to decode the key. The following figure shows a screenshot of Aircrack-ng with WEP Cloaking enabled.
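The following is an added illustration, not code from the AirDefense manual or product, of why a key holder and a keyless observer see cloaking frames differently. It assumes cloaking (chaff) frames are ordinary WEP frames encrypted under a key other than the network key, so a legitimate receiver's ICV check rejects them; the keys, payloads and function names are constructed for the example.

```python
import random
import struct
import zlib
from collections import Counter

REAL_KEY = bytes.fromhex("0badc0de42")        # constructed 40-bit network key
DECOY_KEY = bytes.fromhex("5ca1ab1e07")       # constructed chaff key (assumption)
LLC_SNAP = bytes.fromhex("aaaa030000000800")  # typical start of a data payload


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as seen on air: IV(3) | key-id(1) | RC4(data | ICV)."""
    return iv + b"\x00" + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, body: bytes):
    """Return the plaintext if the ICV verifies under key, else None (dropped)."""
    clear = rc4(body[:3] + key, body[4:])
    data, tag = clear[:-4], clear[-4:]
    return data if icv(data) == tag else None


def build_capture(n_real: int, n_chaff: int, seed: int = 1):
    """Constructed capture: shuffled (kind, body) pairs; kind is ground truth."""
    rng = random.Random(seed)
    frames = []
    for kind, key, count in (("real", REAL_KEY, n_real),
                             ("chaff", DECOY_KEY, n_chaff)):
        for _ in range(count):
            iv = bytes(rng.getrandbits(8) for _ in range(3))
            payload = LLC_SNAP + bytes(rng.getrandbits(8) for _ in range(32))
            frames.append((kind, wep_encrypt(key, iv, payload)))
    rng.shuffle(frames)
    return frames


def receiver_view(key: bytes, frames):
    """What a station holding `key` does: accept on valid ICV, drop otherwise."""
    accepted, dropped = Counter(), Counter()
    for kind, body in frames:
        target = accepted if wep_decrypt(key, body) is not None else dropped
        target[kind] += 1
    return accepted, dropped


def observer_view(frames):
    """Layout features visible without the key: (body length, key-id) per kind."""
    seen = {}
    for kind, body in frames:
        seen.setdefault(kind, set()).add((len(body), body[3]))
    return seen


if __name__ == "__main__":
    capture = build_capture(20, 20)
    print("receiver:", receiver_view(REAL_KEY, capture))
    print("observer:", observer_view(capture))
```

The observer's view here is limited to frame layout; the example makes no claim about other traffic characteristics.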
If the AP is 802.11b/g and the stations which require WEP are 802.11b devices and not 802.11g, disable the AP from supporting data rates higher than 11 Mbps.
Customer Support
F.1 Motorola's Enterprise Mobility Support Center
If you have a problem with your equipment, contact Enterprise Mobility support for your region. Contact information is available by visiting http://support.symbol.com and, after selecting your region, clicking on the appropriate link under Support for Business. When contacting Enterprise Mobility support, please provide the following information:
Serial number of the unit
Model number or product name
Software type and version number
Motorola responds to calls by email, telephone or fax within the time limits set forth in support agreements. If you purchased your Enterprise Mobility business product from a Motorola business partner, contact that business partner for support.
Index
Numerics
7 day data purge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-6
A
About Location Tracking (Signature) . . . . . . . . . . . . . . . . . . . . . . 14-11 About Termination Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5 Access points as sensors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 Action Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15 Action Control commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-16 Action Control table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15 Action Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12 Action Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12 Action rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9 Adding Switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4 Add-on Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-1 Admin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9, 3-2 Admin, Sensor Web User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5 Advanced Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-1 Advanced notification filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3 Air Termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1, 14-5 AirDefense Mobile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2 AirDefense Sensor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 AirDefense Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 AirDefense system time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13 AirTermination . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . 14-6 AirTermination, Single and Multiple Device . . . . . . . . . . . . . . . . . 14-5 AirWave Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13 Alarm categories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3 Alarm criticality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5 Alarm descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-4 Alarm Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2 Alarms, customizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5 AP placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 AP Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-11 Appliance form factor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 Appliance Manager (GUI program area). . . . . . . . . . . . . . . . . . . . . 17-6 APs, importing file format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5 Architect, and sensor placement . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 Assessing threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 Authentication, local. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 Authentication, remote. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 Authorized devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 auto logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Auto-Classifying multiple devices . . . . . . . . . . . . . . . . . . . . . . . . . .8-8 Automated Data Retrieval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .C-1 Automated synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1 Automatic Forensics Backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-4 automatic server synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . .2-6 Automatic synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-3
B
backing up data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-5 Backup Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-6 Backups program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-6 Basic navigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-10 BONDING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-8 BONDING (WIPSadmin utility--also see Config program area) . . . .B-1 buildi a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-5 Building a new report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-4 Building your tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-3
C
CA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2 Central Management Console (CMC) . . . . . . . . . . . . . . . . . . . . . . . .E-4 Certificate Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2 Certificate Security Alerts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3 Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1 Changing, passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3, 3-9 Charts, in reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-6 Check the Current Sensor Version . . . . . . . . . . . . . . . . . . . . . . . .17-12 Checking the Integrity of the Databases . . . . . . . . . . . . . . . . . . . .17-9 Clearing the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-6 Columns, in reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-5 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-8 Command Line User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-8 Common Settings Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-10 Config settings screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-2 Config (WIPSadmin program area-also see WIPSadmin utilities) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4, B-1, B-8 Configuring the Model 500 Series Sensor . . . . . . . . . . . . . . . . . . . .7-9 Connecting Sensors, Model 400 Sensor. . . . . . . . . . . . . . . . . . . . .7-10 Connection Termination, and sensor placement . . . . . . . . . . . . . . .5-3 create a report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2, 16-5 Create, report template. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
.16-4 creating a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-4 Creating Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-2 Criticality, of alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-5 Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-1
IN-2
D
Dashboard preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 Data fields, in reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-6 Database backups on the primary server . . . . . . . . . . . . . . . . . . . . .D-1 Dbase screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-9, 17-11 Dbase (WIPSadmin program area-also see WIPSadmin utilities) . . . . . . . . . . . . . . . . . . 17-5, 17-7, 17-9, 17-10, B-7 default certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Deleting a report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-9 Deployment Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Deployment overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Device Analysis Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1 Device Based Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . E-1, E-3 Device classification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Device Density . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Device Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1 Device synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10 Device termination, enabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Device termination, enabling on sensors . . . . . . . . . . . . . . . . . . . . . 7-2 Devices, authorized. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Devices, auto-classifying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8 Devices, ignored . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Devices, importing multiple . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . 8-4 Devices, neighboring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Devices, unauthorized. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12 DHCP, and sensor configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . 7-30 Display preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 DNAME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-8 DNAME (WIPSadmin utility-also see Config program area) . . . . . 12-4 DNAME (WIPSadmin utility--also see Config program area). . . . . .B-1 DNS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-8 DNS servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4, B-3 DNS (WIPSadmin utility--also see Config program area) . . . . B-1, B-3 Domain considerations, and tree organization. . . . . . . . . . . . . . . . . 6-2 Domain Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4 Domain Name Resolution, and sensor configuration. . . . . . . . . . . 7-30 Domain Name Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-1 Domain-based partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 Domain-based partitioning, enabling . . . . . . . . . . . . . . . . . . . . . . . . 2-4 DTAGAUTH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-8 DTAGAUTH (WIPSadmin utility--also see Config program area). . .B-2 Duration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2
Forensic Analysis, accessing . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7 Forensic Analysis, Device Based . . . . . . . . . . . . . . . . . . . . . . . . . . .E-3 forensic data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7 Forensic Time window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7 Forensics Backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-4 Frame Capture Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-6 Frame Capture Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-6
G
Graphical User Interface (GUI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-8 Guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9, 3-2 GUI, Current User Information tab . . . . . . . . . . . . . . . . . . . . . . . . . .3-9 GUI, Other Preferences tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9 GUI, Preferences tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9
H
HALT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-7 Halt AirDefense. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-2 HALT (WIPSadmin utility-also see Manage program area) . . . . . .17-2 HHMM format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-5 HHMMSS format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-5 High-water mark . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-3 HNAME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-8 HNAME (WIPSadmin utility-also see Config program area) . . . . .12-4 HNAME (WIPSadmin utility--also see Config program area). . . . . .B-1 Host Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-4 Host name mismatch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3 Hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-4 http and https, sensor connections. . . . . . . . . . . . . . . . . . . . . . . . . .7-2
I
Ignored devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2, 14-4 importing a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-10 Importing multiple devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-4 Importing Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-8 INTCK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-7 Interfaces, sensor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2 IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-8 IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-6 IP (WIPSadmin utility--also see Config program area) . . . . . . . B-1, B-2 IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1, B-8 IRESTORE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-7 IRESTORE (WIPSadmin utility--also see Dbase program area) . . .17-7
E
Email notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1 Encryption Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Enterasys AP1602 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 exporting a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-11
J
Java Security Warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3
K
KEYPKG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-8
F
File for importing Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5 File Format for importing Switches . . . . . . . . . . . . . . . . . . . . . . . . . 9-9 File format, importing APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5 File format, importing stations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6 Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1 Filters, in reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-8 Firmware prerequisite, sensors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7, E-1, E-2
L
LDAP server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8 license management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-3 Live View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1, 13-3, 13-6, 14-4 LiveRF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .E-8 Local authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-7 local system time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-13 Location Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4, 14-7 Location tracking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-2
IN-3
Location Tracking Right-Click Options . . . . . . . . . . . . . . . . . . . . . 14-11 Location Tracking, and sensor placement . . . . . . . . . . . . . . . . 5-3, 5-8 Location Tracking, triangulation . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-7 Lock On Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-32 Login banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Port suppression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1 Port Suppression, enbling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-3 ports, Sensor connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2 Power and Data cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-4 Preferences, user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9
M
Mail Relay Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4 Manage (WIPSadmin program area-also see WIPSadmin utilities) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2 Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9, 3-2 Manager view. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 Manual authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3 Manual data backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 manual server synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 Mitigation strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 MMDDYYYY format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-5 Mobile, and sensor placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 Model 510 Sensor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Model 510 Sensor LED Functionality . . . . . . . . . . . . . . . . . . . . . . . 7-28 Model 520 Sensor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Model 520 Sensor LED Functionality . . . . . . . . . . . . . . . . . . . . . . . 7-29 Monitoring Policy Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-22 Monitoring Scheduled Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1 Monitor, Sensor Web User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5 Motorola AP300 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 Motorola AP51xx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5 Motorola AP71xx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5
Q
Quick Scan Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-32
R
RADIUS setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8 REBOOT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-7 REBOOT (WIPSadmin utility-also see Manage program area) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1, 17-2 Rebooting a sensor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-33 Rebooting AirDefense. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-2 Recovering the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-7 Refresh rate, dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9 Remote authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-7 Report Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1, 16-4 report favorites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-3 report scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-3 Reporting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-1 Reports, building . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-4 Reports, creating. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-2 Reports, templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-4 RESTART . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-7 RESTART (WIPSadmin utility-also see Manage program area) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1, 17-2 Restoring Intellicenter Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-7 Retrievable Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .C-1 Rogue Detection, and sensor placement . . . . . . . . . . 
. . . . . . . . . . .5-3 Rogue mitigation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-4 Rogue-on-my-network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-4 Root-signed certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2 Root-signed certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2 Rule sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-9
N
Neighboring devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 NETPORT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1, B-3, B-8 Network connections, sensor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Network Operator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9, 3-2 Network Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1 Nortel 2330 and 2330A. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 Notification filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3 Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1 NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-8 NTP (WIPSadmin utility--also see Config program area) . . . . . B-1, B-6
S
save a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-5 Scale Tool Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-8 Scan Channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-32 Scanning Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-32 Scheduled data backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-5 Scheduled database backups on the primary server . . . . . . . . . . . D-1 Scheduled device classification . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-8 Scheduled Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-1 scheduling a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-3 scheduling Sensor upgrades from the Sensor Network Settings window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-13 Scope Based Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . E-1, E-2 Sections, in reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-5 Security Alert Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3 Security view. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9 Sendmail failures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-2 Sensor Coverage Survey Process . . . . . . . . . . . . . . . . . . . . . . . . . . .5-5 Sensor interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2 Sensor Netmask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-12 Sensor Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-16
O
Obtain the Sensor Upgrade File . . . . . . . . . . . . . . . . . . . . . . . . . . 17-12 On-Demand auto classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8 on-demand Sensor Upgrades from the Sensor Network Settings window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-13 Other Preferences tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 OUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-7 OUI (WIPSadmin utility--also see Dbase program area) . . 17-9, 17-10
P
PASSWD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-7 Passwords, changing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3, 3-9 Performance view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 Physical and Electromagnetic Interference . . . . . . . . . . . . . . . . . . . 5-2 Policy Enforcement, and sensor placement . . . . . . . . . . . . . . . . . . . 5-3 Policy-based Termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Port Suppression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11
IN-4
Sensor Network settings, Model 500 Sensor . . . . . . . . . . . . . . . . . 7-5 Sensor placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 Sensor placement, and Location Tracking . . . . . . . . . . . . . . . . . . . . 5-8 Sensor Quantity, Location, and Installation . . . . . . . . . . . . . . . . . . . 5-3 Sensor Reboot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-33 Sensor Syslog Window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8 Sensor Syslog window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7 Sensor UI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5 Sensor UI Web User login password . . . . . . . . . . . . . . . . . . . . . . . 7-10 Sensor upgrades via scheduling. . . . . . . . . . . . . . . . . . . . . . . . . . 17-13 Sensor Upgrades window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-13 Sensor User Interface (Sensor UI) . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 Sensors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Sensors, rebooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-33 Sensors, troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-28 server access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 server connection options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 server keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-5 server synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 SERVMOD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-8 Setting Up for Retrieval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
.C-1
Shutdown routine, 17-2
Simple Components, 16-5
smxarchive, Command Line User, C-1
smxmgr, Command Line User, C-1
SNMP notifications, 12-1
SNMP (notifications), 12-2
Soft reboot, 17-2
Spectrum Analysis, E-10
SSL certificate, 4-2
Stations, file format for importing, 8-6
STATUS, B-7
STATUS (WIPSadmin utility; also see Manage program area), 17-2
Synchronization, D-1, D-3
Synchronizing Primary and Secondary Servers, D-1
SYSLOG, B-7
Syslog notifications, 12-1
Syslog (notifications), 12-2
SYSLOG (WIPSadmin utility; also see Manage program area), 17-2
syslogdata.txt, 17-2
System log entries, 17-2
System name, 2-2
System Setup Wizard, A-1
System Setup Wizard, and tree organization, 6-3
T
Tables, in reports, 16-6
TCP 443, sensor connections, 7-2
TCP 80, sensor connections, 7-2
Third-party CA, 4-2
Threat assessment, 13-1
TIME, B-8
Time Stamp, 1-13
TIME (WIPSadmin utility; also see Config program area), B-1, B-5
TLS encryption, 4-2
Tomcat certificate, 4-2
Trapeze Mobility Point, 7-4
Tree, 6-1
Triangulation, 13-2
Triangulation considerations, and tree organization, 6-1
TRIMLOG, B-7
TRIMLOG (WIPSadmin utility; also see Manage program area), 17-2
Troubleshooter, 1-9, 3-2
Troubleshooting, E-11
Troubleshooting Stations, E-13
TZ, B-8
TZ (WIPSadmin utility; also see Config program area), B-1, B-5
U
UI scope considerations, and tree organization, 6-2
UIPORT, B-6, B-8
UIPORT (WIPSadmin utility; also see Config program area), B-1
Unauthorized devices, 8-2, 14-4
Updating Vendor MAC Address Information, 17-10
upgrade Sensor(s) on-demand from the Sensor Network Settings window, 17-13
Upgrading Sensor Firmware, 17-12
Upgrading Sensor Firmware Using the Sensor UI, 17-14
User accounts, 3-1
user accounts, creating and changing, 3-3
User preferences, 3-9
User types, 1-9
User types (roles), 3-2
V
Vintage view, 3-9
Vulnerability Assessment, E-14
W
warning window, accessing Spectrum View, 3-9
Web Reporting Interface, 16-2
Web Reporting interface, 16-1
WEBU, B-7
WEP Cloaking, 5-2, E-17
WIPS, 2-2
WIPSadmin, B-1, B-6
Wizard, System Setup, A-1
WLSE Tab, 8-11
Z
Zero-configuration options, 7-30
MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com 72E-130457-01 Revision A - October 2009