SonicOS 8 Internal Wireless
Table of Contents
IDS - Wireless Intrusion Detection Service
Wireless Intrusion Detection Services (IDS) greatly increase the security capabilities of the SonicWall wireless security appliances. Wireless IDS enables Rogue Access Points to be recognized and have counter measures in place. This is the most common type of illicit wireless activity.
IDS is supported in all three radio roles: Access Point, Wireless Station, and Access Point & Station.
Access Point IDS
When the radio role is set to Access Point, the wireless security appliance broadcasts a wireless network and serves wireless clients. The appliance uses passive monitoring to detect Rogue Access Points by listening for beacon frames on the selected channel.
A Scan momentarily changes the Radio Role to allow the wireless security appliance to perform an active scan, and might cause a brief loss of connectivity for associated wireless clients. While in Access Point mode, the Scan function should only be scheduled when no clients are actively associated, or if the possibility of client interruption is acceptable.
Wireless Station IDS
When the radio role is set to Wireless Station, the wireless security appliance connects to another access point as a wireless client. The appliance monitors wireless traffic associated with the access point it is connected to and identifies potential threats through passive monitoring.
Access Point and Station IDS
When the radio role is set to Access Point & Station, the wireless security appliance operates as both an access point and a wireless client. It broadcasts a wireless network while also maintaining a connection to another access point. The appliance monitors both traffic types to identify suspicious activity.
Rogue Access Points
Rogue Access Points have emerged as one of the most serious and insidious threats to wireless security. In general terms, an access point is considered rogue when it has not been authorized for use on a network. The convenience, affordability and availability of non-secure access points, and the ease with which they can be added to a network creates a easy environment for introducing rogue access points. The real threat emerges in a number of different ways, including unintentional and unwitting connections to the rogue device, transmission of sensitive data over non-secure channels, and unwanted access to LAN resources. While this doesn't represent a deficiency in the security of a specific wireless device, it is a weakness to the overall security of wireless networks.
The security appliance can alleviate this weakness by recognizing rogue access points potentially attempting to gain access to your network. It does this in two ways: active scanning for access points on all 2.4GHz and 5GHz channels, and passive scanning (while in Access Point mode) for beaconing access points on a single channel of operation.
See also:
