Security

Dear Friends, 

We are a big college having 1200 students + 200 Staff. We finished the whole network infrastructure refresh last year. Everything (Aruba CX Switch, IAP and Clearpass) is up and running. Today, I have noticed someone is talking about Evil Twin Attack on local Wifi infrastructure, I noticed in my IAP, IDS, everything is set off.  Should we change Infra, clients and protections to low to start with to protect our On-Prem Wifi Infrastructure? What impact these will have for our Wifi Performance etc? 

Please Educate me. 
Thanks
ML

------------------------------
Becoming a Networking Engineer
------------------------------

Do you have an internal security team that looks into things like that?  IDS/IPS is very individual based on the "business" you are running and one size does not fit all.  The security needs of a bank are different than the needs of an educational institution that wants to maintain connectivity.  I would consult someone to determine your risk and whether or not it is worth the administrative overhead to enable those features.  In addition, I hope that others in your industry, if they can, will chime in and say what they are doing about IDS/IPS.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------

Original Message:
Sent: Sep 26, 2022 10:42 PM
From: Mang Lai
Subject: IAP IDS Protection questions.

Dear Friends,

We are a big college having 1200 students + 200 Staff. We finished the whole network infrastructure refresh last year. Everything (Aruba CX Switch, IAP and Clearpass) is up and running. Today, I have noticed someone is talking about Evil Twin Attack on local Wifi infrastructure, I noticed in my IAP, IDS, everything is set off.  Should we change Infra, clients and protections to low to start with to protect our On-Prem Wifi Infrastructure? What impact these will have for our Wifi Performance etc?

Please Educate me.
Thanks
ML

------------------------------
Becoming a Networking Engineer
------------------------------

Hi we don't have a security team. I am the networking guy who does all switches and wifi...any suggestions where I can start with is IAP's IDS? 

------------------------------
Becoming a Networking Engineer
------------------------------

Original Message:
Sent: Sep 27, 2022 08:10 AM
From: Colin Joseph
Subject: IAP IDS Protection questions.

Do you have an internal security team that looks into things like that?  IDS/IPS is very individual based on the "business" you are running and one size does not fit all.  The security needs of a bank are different than the needs of an educational institution that wants to maintain connectivity.  I would consult someone to determine your risk and whether or not it is worth the administrative overhead to enable those features.  In addition, I hope that others in your industry, if they can, will chime in and say what they are doing about IDS/IPS.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: Sep 26, 2022 10:42 PM
From: Mang Lai
Subject: IAP IDS Protection questions.

Dear Friends,

We are a big college having 1200 students + 200 Staff. We finished the whole network infrastructure refresh last year. Everything (Aruba CX Switch, IAP and Clearpass) is up and running. Today, I have noticed someone is talking about Evil Twin Attack on local Wifi infrastructure, I noticed in my IAP, IDS, everything is set off.  Should we change Infra, clients and protections to low to start with to protect our On-Prem Wifi Infrastructure? What impact these will have for our Wifi Performance etc?

Please Educate me.
Thanks
ML

------------------------------
Becoming a Networking Engineer
------------------------------

you can start referring to this link from user guide
https://www.arubanetworks.com/techdocs/Instant_810_WebHelp/Content/instant-ug/ids/intrusion-detec.htm

and enabling just the IDS and see the info and then based on that you can stat tuning it accordingly



------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Oct 02, 2022 06:15 PM
From: Mang Lai
Subject: IAP IDS Protection questions.

Hi we don't have a security team. I am the networking guy who does all switches and wifi...any suggestions where I can start with is IAP's IDS? 

Thanks

Get Outlook for Android

------------------------------
Becoming a Networking Engineer

Original Message:
Sent: Sep 27, 2022 08:10 AM
From: Colin Joseph
Subject: IAP IDS Protection questions.

Do you have an internal security team that looks into things like that?  IDS/IPS is very individual based on the "business" you are running and one size does not fit all.  The security needs of a bank are different than the needs of an educational institution that wants to maintain connectivity.  I would consult someone to determine your risk and whether or not it is worth the administrative overhead to enable those features.  In addition, I hope that others in your industry, if they can, will chime in and say what they are doing about IDS/IPS.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: Sep 26, 2022 10:42 PM
From: Mang Lai
Subject: IAP IDS Protection questions.

Dear Friends,

We are a big college having 1200 students + 200 Staff. We finished the whole network infrastructure refresh last year. Everything (Aruba CX Switch, IAP and Clearpass) is up and running. Today, I have noticed someone is talking about Evil Twin Attack on local Wifi infrastructure, I noticed in my IAP, IDS, everything is set off.  Should we change Infra, clients and protections to low to start with to protect our On-Prem Wifi Infrastructure? What impact these will have for our Wifi Performance etc?

Please Educate me.
Thanks
ML

------------------------------
Becoming a Networking Engineer
------------------------------

The truth is, strong encryption and good security policy make it less likely that your user's data will be intercepted or manipulated.  If your users are using WPA2-AES with EAP-TLS, it makes their data difficult to intercept or manipulate.  There are users who might have to use the guest network because they are not part of your organization.  Those users should use a VPN on top of using an open network and you should have information stating that on your captive portal page.  Some wireless security tips in general are on the page here:  https://www.cisa.gov/uscert/ncas/tips/ST05-003

What you should NOT do is blindly enable wireless IDS features.  Many of those features have false positives and you will consume much of your time trying to understand them, only to have them be false. 

If you do not have the funds to hire a consultant, you should engage with other organizations in the same industry, to understand what they are doing to maintain and improve their security posture.  You can also post in one of the industry forums here to understand what HPE/Aruba Customers in your same industry do for wireless security:  https://community.arubanetworks.com/discussion

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------

Original Message:
Sent: Oct 02, 2022 06:15 PM
From: Mang Lai
Subject: IAP IDS Protection questions.

Hi we don't have a security team. I am the networking guy who does all switches and wifi...any suggestions where I can start with is IAP's IDS? 

Thanks

Get Outlook for Android

------------------------------
Becoming a Networking Engineer

Original Message:
Sent: Sep 27, 2022 08:10 AM
From: Colin Joseph
Subject: IAP IDS Protection questions.

Do you have an internal security team that looks into things like that?  IDS/IPS is very individual based on the "business" you are running and one size does not fit all.  The security needs of a bank are different than the needs of an educational institution that wants to maintain connectivity.  I would consult someone to determine your risk and whether or not it is worth the administrative overhead to enable those features.  In addition, I hope that others in your industry, if they can, will chime in and say what they are doing about IDS/IPS.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: Sep 26, 2022 10:42 PM
From: Mang Lai
Subject: IAP IDS Protection questions.

Dear Friends,

We are a big college having 1200 students + 200 Staff. We finished the whole network infrastructure refresh last year. Everything (Aruba CX Switch, IAP and Clearpass) is up and running. Today, I have noticed someone is talking about Evil Twin Attack on local Wifi infrastructure, I noticed in my IAP, IDS, everything is set off.  Should we change Infra, clients and protections to low to start with to protect our On-Prem Wifi Infrastructure? What impact these will have for our Wifi Performance etc?

Please Educate me.
Thanks
ML

------------------------------
Becoming a Networking Engineer
------------------------------