Detection

An overview of infrastructure and client intrusion detection and the configurable detection levels available within HPE Aruba Networking Central.

Infrastructure intrusion detection

Detecting attacks against the infrastructure is critical for avoiding attacks that may lead to a large-scale DoS attack or a security breach. HPE Aruba Networking Central offers a suite of signature selections to help detect attacks against the WLAN infrastructure, which consists of authorized APs, the RF medium, and the wired network.

An authorized or valid AP is defined as an AP that belongs to the WLAN infrastructure. The AP is either an HPE Aruba Networking AP or a third-party AP. The WIDS application automatically learns about authorized HPE Aruba Networking APs.

For a full list of AP classifications, refer to the Classification topic.

Client intrusion detection

Generally, clients are more vulnerable to attacks than APs. Clients are more likely to associate with a malicious AP due to the client’s driver behavior or a misconfigured client. Monitoring of authorized clients is important to track their associations and to detect any attacks raised against them.

Client intrusion detection includes, but is not limited to, the following:

  • Detecting attacks against clients: An attacker can perform an active DoS attack against an associated client or perform a replay attack to obtain the transmission keys, which could lead to more serious attacks.

  • Monitoring authorized clients: Since clients are easily tricked into associating with unauthorized APs, tracking all misassociations of authorized clients is very important.

An authorized client is a client authorized to use the WLAN network. For HPE Aruba Networking Wireless Operating System (AOS), an authorized client is called a valid client. AOS automatically learns valid clients. A client is determined to be valid if it is associated with an authorized or valid AP using encryption, either Layer 2 or IPsec.

For a full list of client classifications, refer to the Classification topic.
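
The valid-client rule and misassociation tracking described above can be sketched as a small stateful check over association events. This is an added example, not HPE Aruba Networking code: the `Assoc` event fields, the `track` function, the AP inventory and the sample MAC addresses are all constructed assumptions, and the product's own classification has more states than shown here.

```python
from dataclasses import dataclass

# Constructed inventory: BSSIDs of APs that belong to the WLAN infrastructure.
AUTHORIZED_APS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

@dataclass(frozen=True)
class Assoc:
    client: str      # client MAC address
    bssid: str       # AP the client associated with
    encrypted: bool  # True if Layer 2 encryption or IPsec is in use

def track(events, authorized_aps=AUTHORIZED_APS):
    """Learn valid clients from time-ordered events.

    Returns (valid_clients, misassociations).
    """
    valid, alerts = set(), []
    for ev in events:
        on_authorized = ev.bssid in authorized_aps
        if on_authorized and ev.encrypted:
            # Rule from the text: authorized AP + encryption => valid client.
            valid.add(ev.client)
        elif ev.client in valid and not on_authorized:
            # A client already learned as valid joined an unauthorized AP.
            alerts.append(ev)
    return valid, alerts

# Constructed sample events, in time order.
SAMPLE = [
    Assoc("11:11:11:11:11:11", "aa:bb:cc:00:00:01", True),   # learned as valid
    Assoc("22:22:22:22:22:22", "aa:bb:cc:00:00:02", False),  # no encryption: not learned
    Assoc("22:22:22:22:22:22", "de:ad:be:ef:00:99", True),   # never valid: no alert
    Assoc("11:11:11:11:11:11", "de:ad:be:ef:00:99", False),  # valid client misassociates
]

if __name__ == "__main__":
    valid, alerts = track(SAMPLE)
    print("valid clients:", sorted(valid))
    for a in alerts:
        print(f"misassociation: {a.client} -> {a.bssid}")
```

Because the check is stateful, a client that has never been learned as valid produces no misassociation alert, which is why the order of events matters.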

Levels of detection

The detection settings on HPE Aruba Networking Central for both infrastructure and clients can be set to different levels depending on the security requirements of the organization.

  • High - Enables all the available detection mechanisms

  • Medium - Enables most of the important detection mechanisms

  • Low - Enables the most critical detection mechanisms

  • Off - Disables all detection mechanisms

  • Custom - Allows the selection of desired detection mechanisms


Last modified: July 29, 2024 (6115eca)