SonicOS Enhanced 4.0 Administrator Guide
Enable Association Flood Detection is selected by default. The Association Flood
Threshold is set to 5 Association attempts within 5 seconds by default.
Intrusion Detection Settings
Rogue Access Points have emerged as one of the most serious and insidious threats to
wireless security. In general terms, an access point is considered rogue when it has not been
authorized for use on a network. The convenience, affordability and availability of non-secure
access points, and the ease with which they can be added to a network, create an easy
environment for introducing rogue access points. Specifically, the real threat emerges in a
number of different ways, including unintentional and unwitting connections to the rogue
device, transmission of sensitive data over non-secure channels, and unwanted access to LAN
resources. So while this doesn't represent a deficiency in the security of a specific wireless
device, it is a weakness to the overall security of wireless networks.
The security appliance can alleviate this weakness by recognizing rogue access points
potentially attempting to gain access to your network. It accomplishes this in two ways: active
scanning for access points on all 802.11a and 802.11g channels, and passive scanning (while
in Access Point mode) for beaconing access points on a single channel of operation.
Enable Rogue Access Point Detection is enabled by default. The Authorized Access
Points menu allows you to specify All Authorized Access Points, Create new MAC Address
Object Group, or Select an Address Object Group.
The Authorized Access Points menu allows you to specify which access points the
SonicWALL security appliance will consider authorized when it performs a scan. You can
select All Authorized Access Points to allow all SonicPoints, or you can select Create new
MAC Address Object Group to create an address object group containing a group of MAC
addresses to limit the list to only those SonicPoints whose MAC addresses are contained in the
address object group.
Select Create Address Object Group to add a new group of MAC address objects to the list.
Discovered Access Points
The Discovered Access Points table displays information on every access point that can be
detected by all your SonicPoints or on an individual SonicPoint basis:
• MAC Address (BSSID): The MAC address of the radio interface of the detected access
point.
• SSID: The radio SSID of the access point.
• Channel: The radio channel used by the access point.
• Manufacturer: The manufacturer of the access point. SonicPoints will show a
manufacturer of either SonicWALL or Senao.
• Signal Strength: The strength of the detected radio signal.
• Max Rate: The fastest allowable data rate for the access point radio, typically 54 Mbps.
• Authorize: Click the icon in the Authorize column to add the access point to the address
object group of authorized access points.
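The comparison described above, between the Discovered Access Points table and an authorized MAC address object group, can be reproduced offline when reviewing scan results. The following is an added example, not SonicOS code: the row layout, the dBm signal values, the MAC addresses and the status labels are all constructed assumptions, and the extra "rogue-ssid-match" label (an unauthorized BSSID advertising an SSID that an authorized radio also uses) goes one step beyond the MAC-only check the guide describes.

```python
import re

# Constructed sample data: not exported from a real appliance.
AUTHORIZED_GROUP = {"02:00:00:AA:10:01", "02-00-00-aa-10-02"}  # hypothetical MAC address object group
DISCOVERED = [  # fields mirror the Discovered Access Points columns; signal in dBm is an assumption
    {"bssid": "02:00:00:aa:10:01", "ssid": "corp-wlan", "channel": 6,  "signal": -48},
    {"bssid": "0200.00aa.1002",    "ssid": "corp-wlan", "channel": 11, "signal": -55},
    {"bssid": "02:00:00:F0:33:9C", "ssid": "corp-wlan", "channel": 6,  "signal": -61},
    {"bssid": "02:00:00:12:ab:77", "ssid": "linksys",   "channel": 1,  "signal": -79},
    {"bssid": "not-a-mac",         "ssid": "broken",    "channel": 3,  "signal": -90},
]

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address."""
    digits = re.sub(r"[:.\-]", "", value.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def classify(discovered, authorized_group):
    """Label each scan row 'authorized', 'rogue', 'rogue-ssid-match' or 'invalid'."""
    allowed = {normalize_mac(m) for m in authorized_group} - {None}
    rows = [(normalize_mac(ap["bssid"]), ap) for ap in discovered]
    # SSIDs broadcast by authorized radios; an unauthorized BSSID using one
    # of them is the case where clients may connect to it unwittingly.
    trusted_ssids = {ap["ssid"] for mac, ap in rows if mac in allowed}
    report = []
    for mac, ap in rows:
        if mac is None:
            status = "invalid"            # malformed row: review by hand
        elif mac in allowed:
            status = "authorized"
        elif ap["ssid"] in trusted_ssids:
            status = "rogue-ssid-match"
        else:
            status = "rogue"
        report.append({**ap, "status": status})
    return report

def rogues_by_signal(report):
    """Unauthorized access points, strongest signal first."""
    hits = [r for r in report if r["status"].startswith("rogue")]
    return sorted(hits, key=lambda r: r["signal"], reverse=True)

if __name__ == "__main__":
    for r in rogues_by_signal(classify(DISCOVERED, AUTHORIZED_GROUP)):
        print(f'{r["status"]:17} {r["bssid"]} ssid={r["ssid"]} ch={r["channel"]} {r["signal"]} dBm')
```

Normalizing both sides before comparing matters because the same radio can appear with colon, hyphen or dotted notation and in either letter case.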