Fault Management
Overview
While a wireless LAN is a sure way to improve data connectivity in existing premises without paying for structured cabling to every desk, it brings certain issues of its own. The foremost issue administrators face in a WLAN is security. The risk is greater in wireless network deployments because the transmission medium is air, and this air-borne nature opens WLANs to intruders and hackers. Continuous monitoring of the wireless LAN and enforcement of wireless LAN security policies are therefore of prime importance. WiFi Manager, with dedicated RF sensors and a web-based GUI, makes the entire process of wireless LAN monitoring and security a lot simpler.
WiFi Manager Alarms
WiFi Manager generates different types of alarms including wireless intrusion
alarms, DoS attack related alarms, vulnerability related alarms, performance
degradation alarms, and availability alarms. WiFi Manager generates these
alarms by continuously monitoring the wired and wireless networks in any
of the following three ways:
- Device Traps: Access points and other devices send traps during a
failure. WiFi Manager receives such traps and presents them as meaningful
alarms.
- Device Polling: WiFi Manager continuously monitors the network devices
for availability, performance, and adherence to policies and generates
alarms when the values cross the threshold levels.
- RF alarms: WiFi Manager scans the RF spectrum for 802.11 packets using
dedicated sensors and generates alarms whenever an RF-related attack
or vulnerability is detected.
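An added illustration (not WiFi Manager's own code) of how RF alarms named in the alarm settings table could be derived from frames seen by a sensor. The record layout, AP inventory, default-SSID list, threshold and window are all assumptions made for this example.

```python
from collections import Counter, namedtuple

# One 802.11 management frame as a sensor might report it (constructed record layout).
Frame = namedtuple("Frame", "ts subtype bssid dst ssid")

BROADCAST = "ff:ff:ff:ff:ff:ff"
AUTHORIZED_APS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}  # assumed AP inventory
DEFAULT_SSIDS = {"linksys", "default", "NETGEAR"}            # assumed factory SSIDs
DEAUTH_FLOOD_THRESHOLD = 10  # assumed: deauth frames per BSSID per window
WINDOW_SECONDS = 1           # assumed counting window


def rf_alarms(frames):
    """Return sorted (alarm name, BSSID) pairs raised by the observed frames."""
    alarms = set()
    deauths = Counter()  # (bssid, window index) -> deauth frame count
    for f in frames:
        if f.subtype == "beacon":
            if f.bssid not in AUTHORIZED_APS:
                alarms.add(("Rogue AP Detected", f.bssid))
            elif f.ssid in DEFAULT_SSIDS:
                alarms.add(("Default SSID in Use", f.bssid))
        elif f.subtype == "deauth":
            if f.dst == BROADCAST:
                alarms.add(("Broadcast Deauthentication Packet", f.bssid))
            deauths[(f.bssid, int(f.ts // WINDOW_SECONDS))] += 1
    # Threshold check, as with polled values: alarm only when the count crosses it.
    for (bssid, _window), count in deauths.items():
        if count > DEAUTH_FLOOD_THRESHOLD:
            alarms.add(("Deauthentication Flood Attack", bssid))
    return sorted(alarms)


# Constructed sample capture; all addresses and SSIDs are made up.
CLIENT = "02:00:00:00:00:01"
SAMPLE_FRAMES = [
    Frame(1.0, "beacon", "00:11:22:33:44:55", BROADCAST, "corp-wlan"),
    Frame(1.1, "beacon", "00:11:22:33:44:66", BROADCAST, "linksys"),
    Frame(1.2, "beacon", "de:ad:be:ef:00:01", BROADCAST, "corp-wlan"),
    Frame(9.2, "deauth", "00:11:22:33:44:55", BROADCAST, ""),
] + [Frame(5.0 + i * 0.05, "deauth", "00:11:22:33:44:55", CLIENT, "") for i in range(12)]

if __name__ == "__main__":
    for name, bssid in rf_alarms(SAMPLE_FRAMES):
        print(f"{name}: {bssid}")
```

Fixed one-second buckets can split a burst across two windows and undercount it; a sliding window avoids that at the cost of keeping per-frame timestamps.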
Viewing Alarms
To view the network alarms and to use the fault management functions,
follow the procedure given below.
Procedure:
- Select Fault tab
- By default the View Fault page will be displayed.
Clicking on any alarm will display the alarm details page with
detailed information on the alarm and the alarm history.
- You can also browse through the entire alarm database by
using the links found on the left hand side.
Managing Alarms
You can perform actions such as acknowledge, un-acknowledge, clear, delete
etc., on alarms. To perform these actions follow the procedure given below:
Procedure:
- Select Fault tab
- By default the View Fault page will be displayed.
Choose the alarm(s) on which you want to perform an action.
- Choose the action (such as Acknowledge alarm, UnAcknowledge
alarm, Clear alarm, and Delete alarm) you want to perform.
Configuring alarm generation settings
WiFi Manager allows you to configure the alarm generation. You can enable/disable
an alarm and also change its severity level. To configure the alarm generation
settings, follow the procedure given below.
Procedure:
- Select Fault tab
- Choose the Alarm Settings option available under
the Fault Settings category.
- Enable or disable alarms from the list available in the right hand
side panel. The list of available alarm settings is given in the table
below (under Alarm Notification).
- Click Finish to save your settings.
| Category | Alarm Setting |
| --- | --- |
| Intrusion | AirJack Detected; AP SSID Changed; AP Channel Change; Rogue AP Detected; Rogue Client Detected; Rogue Ad-hoc Client Detected; Station is Operating As Unauthorized Type; Random MAC Address Detected; Spoofed MAC Address; ASLEAP Attack Detected; Client is Sending Spurious Traffic; Adhoc SSID Same As AP; Hotspotter Attack Detected; Airsnarf Attack Detected; WEPWedgie Attack Detected; Constant Traffic |
| Operational | Client BSSID Changed; AP Reported A Problem To A Client; Station With Excess Retransmissions; Access Point Restarted; Client Rate Support Mismatch; Channel With Too Many APs; Channel with Excessive Errors; AP Low Signal Strength; RF Port Errors |
| Performance | In Bandwidth Utilization; Out Bandwidth Utilization; CPU Utilization; Memory Utilization; Rx Traffic; Tx Traffic |
| Availability | Interface Reachability for Routers; Port Reachability for Switch; Status Poller for Printers; RF Port Status Poller for AccessPoint; Ethernet Port Status for AP; Services Polling for Servers; Device Availability |
| Vulnerability | Default SSID in Use; Access Point Broadcasting SSID; Ad-hoc Network Operating; Access Point With WEP Disabled; Weak WEP IV used; Authorized Client Connected to Rogue Access Point; Access Point is Using Hotspot SSID; Unencrypted NetBIOS Traffic Detected; EAP Disabled Associate; Traps; 802.11 Authentication Failure |
| Sensor | Sensor Missed Keep-alive; Sensor Failed to Start |
| DoS | Authentication Failure Attack; Deauthentication Flood Attack; Access Point Overloaded; Disassociation Flood Attack; Association Flood Attack; Authentication Flood Attack; RF Jamming Attack; EAPoL Start Storm; EAPoL Logoff Storm; Duration Attack Detected; Broadcast Disassociation Packet; Broadcast Deauthentication Packet; Improper Broadcast Packet |
| Sniffers | Wellenreiter Detected; Netstumbler Detected |
Notification
The administrator can configure WiFi Manager to send notifications about the alarms occurring in the network.
Notification can be delivered in any of the following ways:
1. Send E-Mail.
2. Play Sound.
3. Run a System Command.
4. Send Traps.
By default, the send mail and play sound profiles are available in WiFi Manager. The steps to create notification profiles, configure notification of alarms and associate the profiles with devices are described in detail in our How Tos document.
Configuring Watchlist
Watchlist: You can add a set
of devices that need special monitoring to this watchlist.
This lets you view the alarms of those devices separately and
helps you get a better picture of your IMPORTANT devices at a glance.
To configure the watchlist, follow the procedure
given below.
Procedure:
- Select Fault tab
- Choose the Watchlist Settings option
available under the Fault Settings.
- By default the list of devices in My WatchList are displayed.
You can add/remove devices into your watchlist using the arrow keys
-> and <- available in the device selector.
- Click Save to save the changes.