A good pentest should include suggestions on how the impact/importance of the detection, how to fix these issues or manage the risk associated to it. Did you get such guidance?
Deauthentication attacks are part of the WLAN standard and fixed in WPA3 with mandatory Management Frame Protection (PMF/MFP). Further you can detect deauths with the IDS, but be prepared for false-positives.
FakeAP attacks are not really an infrastructure issue, more a client configuration issue. Clients should reject connections to a fake/rogue AP. The protect-ssid / protect-ap-impersonation are probably best you can do, if you follow up on attacks.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: May 17, 2022 09:39 AM
From: Arnaldo Morales
Subject: Aruba Central - Deauth and fake AP attacks on Aruba APs
After a pentest audit, our APs have been detected to be vulnerable to Fake AP and deauthentication attacks. Is there something which we can do to avoid these attacks? I am checking the IDS Protection configuration, and I have the following commands protections enabled:
protect-ssid
rogue-containment
protect-adhoc-network
protect-ap-impersonation
protect-valid-sta
protect-windows-bridge
Any idea about if it is possible to stop these attacks? Thanks.