Wireless Access

Reply
Occasional Contributor II

what is the best practice for IPS/IDS features to be enables

i need to establish secured netwrok at a bank

what is the best features to be enabled at the IPS Wizard to achieve the securtity goal and defend against vairus attacks and do i need AP to at Monitor Mode or can IPS work with AP Mode 

Re: what is the best practice for IPS/IDS features to be enables

APS deployed for client access will provide IPS/WIDS scanning, but only on it's host channel. You can configure them to do off-channel scanning, however it can be disruptive if you support voice or video over your wireless network should an AP go off channel with and active call or video stream. you can configure your APs not to scan when voice or video is present, but then you're left with a risk that your APs are not scanning often enough to catch any bad actions.

Dedicated Air Monitors can scann full time, and across all bands much faster, giving you a better resolution of the RF environment in your environment.

 

As far as the best capabilities to add, it's best to work with your Aruba SE or partners to come up with what requirements best suit your needs. There are some signatures and alerts that would only be necessary for WPA2-PSK or open networks, and if all your SSIDs are WPA2 (PEAP or TLS), then you don't need to alert of them. Other alerts are very verbose (ala 'adhoc alerts) which you may or may not care about. So it's best to work individually on each signature. The user guide also has ver good descriptions of each signature that you can look through. 

 

Unfortunately, there's no one config fits all for WIDS as every institution may have differing requirements or security events that they care about, that others may not care for.

Jerrod Howard
Sr. Techical Marketing Engineer
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: