Mobility/Wireless

Reply
Contributor
Posts: 22
Registered: ‎12-04-2012

WIPS

Hi, everyone!

1. Just started to dig into wireless security and IPS features on the Brocade products. I have a lot of small stupid questions and really need a strong understanding of Brocde solution.

Is this right, that WIPS exist natively on RFS controllers and APs and to get advanced we need to have smth like BR-RFS4000-L-ADWIP on every controller? So, we need to have a sensor mode radio on APs and a controller to have WIPS functionality, no external servers and so on? Sensor mode radio is available on all APs, even on single-radio 650?

2. Regarding the guest access: is it possible to have some kind of a one-time passwords or token integration for RFS controllers? I understand, that it is possible just to create an open SSID for guest users, but we need to have a way for our partners or guests to come and get a restricted, precreated login credentials /log for a period of time/ distinguished trackable user entries and logs in case of security violation.

3. AirDefence... What is the difference from RFS (with ADV IPS)? i mean is it just a dedicated security processing, more robust reporting and notification or something much more? And what parts really make a solution, the APs with sensor mode radios and an AirDefence appliance?

Kind regards,

Aleksander Korobko.

Frequent Contributor
Posts: 118
Registered: ‎06-15-2009

Re: WIPS

Hi Aleksander,

Please see my comments below to your questions on Intrusion Prevention System solutions offered by Brocade Mobility.


1.  Just started to dig into wireless security and IPS features on the Brocade products. I have a lot of small stupid questions and really need a strong understanding of Brocde solution.Is this right, that WIPS exist natively on RFS controllers and APs and to get advanced we need to have smth like BR-RFS4000-L-ADWIP on every controller? So, we need to have a sensor mode radio on APs and a controller to have WIPS functionality, no external servers and so on? Sensor mode radio is available on all APs, even on single-radio 650?


Answer- Yes you are right. RFS controllers come with WIPS functionality. However if you need additional security features, then there is the –L-ADWIP license available which can be more valuable.


             In regards to your question on AP sensor mode, yes sensor mode is available in AP650 as well as on all other access points that Brocade sells, you can configure any of the radios on any of the access points to operate in sensor mode.   If you are using the Base WIPS features on the controller, then you don’t need to configure any of the radios on any of your access points to be in sensor mode in order  to use the Base WIPS features .  If you want to use the Advanced WIPS features, then you need to configure Access point radios to be in sensor mode.

2. Regarding the guest access: is it possible to have some kind of a one-time passwords or token integration for RFS controllers? I understand, that it is possible just to create an open SSID for guest users, but we need to have a way for our partners or guests to come and get a restricted, precreated login credentials /log for a period of time/ distinguished trackable user entries and logs in case of security violation.


Answer- Understand your concern & to answer your question, yes, RFS controllers support restricted access to guest users with temporary user credentials using a feature called "Captive Portal" in the controllers. A captive portal policy’s hotspot configuration provides secure authenticated controller access using a standard Web browser. Hotspots provides authenticated access by capturing and re-directing a wireless user's Web browser session to a captive portal login page where the user must enter valid credentials to access to the wireless network. Visitors and guest users at a site would be provided with a temporary username and password from front desk personnel during the sign-in process which would permit access to the network for the duration of their visit. Once the time for the guest account expired, the user would be denied access to the network.


3.  AirDefence... What is the difference from RFS (with ADV IPS)? i mean is it just a dedicated security processing, more robust reporting and notification or something much more? And what parts really make a solution, the APs with sensor mode radios and an AirDefence appliance?


Answer- There are variety of security solutions offered by Brocade to satisfy enterprise requirements depending on customer needs. Please see the white paper by clicking the link below that talks about Brocade Mobility WIPS solutions. There is Base Wireless Intrusion Detection System , Advanced Wireless Intrusion Preventions System, and Wireless Intrusion Prevention System through the Airdefense Services  platform. One of the key benefits of Airdefense platform is that, this solution protects from over 250 different wireless threats versus only 72  and 38 in ADV-WIPS and Base WIDS respectively. The white paper covers more details in terms of feature-sets and other differences between all the three security solutions.

http://www.brocade.com/downloads/documents/technical_briefs/Mobility-WIPS-Overview_GA-TB-387-00.pdf

Hope the above information helps

thanks

Deepti

Contributor
Posts: 22
Registered: ‎12-04-2012

Re: WIPS

Thnx!  Deepti, dat iz great!

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

Click to Register
Download FREE NVMe eBook