
Working with the Mitigator
Analysis Engine Overview
SCALANCE WLC711
15-2 C79000-G8976-C260-03, 07/2012, User Guide, V8.11
while the other controllers run data collector functionality. No more than one Analysis Engine can be running
at a time. You must ensure that the controllers are all routable.
Analysis Engine Overview
The Analysis Engine relies on a database of known devices on the SCALANCE WLC711 system.
The Analysis Engine compares the data from the RF Data Collector with the database of known
devices.
This database includes the following:
• Wireless APs — Registered with any SCALANCE IWLAN Controller with its RF Data
Collector enabled and associated with the Analysis Engine on this SCALANCE IWLAN
Controller.
• Third-party APs — Defined and assigned to a VNS.
• Friendly APs — A list created in the Mitigator user interface when the administrator designates
potential rogue access points as Friendly.
• Wireless devices — Registered with any SCALANCE IWLAN Controller that has its RF Data
Collector enabled and has been associated with the Analysis Engine on this SCALANCE
IWLAN Controller.
The Analysis Engine identifies AP security threats and classifies them based on one or more of the
following threat types:
• Rogue AP, which includes:
– Unknown MAC, with a valid SSID - a known SSID is being broadcast by the unknown
access point (major alarm)
– Known MAC, with an unknown SSID - a rogue may be spoofing a MAC address (major
alarm)
– Inactive Wireless AP with valid SSID (major alarm)
– Inactive Wireless AP with unknown SSID (major alarm)
– Known Wireless AP with an unknown SSID (major alarm)
• External AP - Unknown MAC address and unknown SSID (major alarm)
• Device in ad-hoc mode (major alarm)
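The threat types listed above can be read as a decision table over the MAC address and SSID of each observation. The following sketch is an added example, not code from the SCALANCE WLC711 product or this manual; the class and field names, the rule that a Friendly entry suppresses alarms, and the reading of "inactive" as a registered AP that is not expected to transmit are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class KnownDevices:
    """Hypothetical model of the Analysis Engine's database of known devices."""
    wireless_aps: dict = field(default_factory=dict)   # MAC -> True if AP is active
    third_party_aps: set = field(default_factory=set)  # MACs assigned to a VNS
    friendly_aps: set = field(default_factory=set)     # MACs marked Friendly
    ssids: set = field(default_factory=set)            # valid (known) SSIDs

@dataclass
class Observation:
    """One RF Data Collector report (field names are assumptions)."""
    mac: str
    ssid: str
    adhoc: bool = False

def classify(obs, db):
    """Return the manual's threat type for an observation, or None if no alarm."""
    mac = obs.mac.lower()
    if mac in db.friendly_aps:          # assumption: Friendly suppresses alarms
        return None
    if obs.adhoc:
        return "Device in ad-hoc mode"
    valid = obs.ssid in db.ssids
    ssid = "valid SSID" if valid else "unknown SSID"
    if mac in db.wireless_aps:
        if not db.wireless_aps[mac]:    # registered AP that should be silent
            return f"Rogue AP: inactive Wireless AP with {ssid}"
        return None if valid else "Rogue AP: known Wireless AP with unknown SSID"
    if mac in db.third_party_aps:
        return None if valid else "Rogue AP: known MAC with unknown SSID"
    return "Rogue AP: unknown MAC with valid SSID" if valid else "External AP"

# Constructed sample data, not taken from a real deployment.
DB = KnownDevices(
    wireless_aps={"02:00:00:00:00:01": True, "02:00:00:00:00:02": False},
    third_party_aps={"02:00:00:00:00:03"},
    friendly_aps={"02:00:00:00:00:04"},
    ssids={"plant-floor"},
)

if __name__ == "__main__":
    for mac, ssid in [("02:00:00:00:00:09", "plant-floor"),
                      ("02:00:00:00:00:03", "free-wifi"),
                      ("02:00:00:00:00:02", "plant-floor"),
                      ("02:00:00:00:00:0a", "guest")]:
        print(mac, ssid, "->", classify(Observation(mac, ssid), DB))
```

Every non-None result corresponds to a major alarm in the list above.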
Note:
In the current release, there is no capability to initiate a DoS attack on the detected rogue access point.
Containment of a detected rogue requires an inspection of the geographical location of its Scan Group area,
where its RF activity has been found.
Enabling the Analysis Engine
Before using the Mitigator, you must enable the Analysis Engine.