RF Management in SonicOS 4.0 Enhanced


Document Scope

This document describes how to plan, design, implement, and maintain the RF Management feature in SonicWALL SonicOS 4.0 Enhanced. This document contains the following sections:

- RF Management Overview
  - Why RF Management?
  - Benefits
  - Deployment Prerequisites
- Enabling RF Management on SonicPoint(s)
- Using The RF Management Interface
  - Selecting RF Signature Types
  - Viewing Discovered RF Threat Stations
  - Adding a Threat Station to the Watch List
- Types of RF Threat Detection
- Practical RF Management Field Applications
  - Before Reading this Section
  - Using Sensor ID to Determine RF Threat Location
  - Using RSSI to Determine RF Threat Proximity

SonicWALL SonicOS 4.0 Enhanced RF Management

RF Management Overview

The following section provides a brief overview of the RF Management feature found on SonicWALL security appliances running SonicOS 4.0 or higher. This section contains the following subsections:

- Why RF Management?
- Benefits
- Deployment Prerequisites

Why RF Management?

Radio Frequency (RF) technology used in today's 802.11-based wireless networking devices poses an attractive target for intruders. If left unmanaged, RF devices can leave your wireless (and wired) network open to a variety of outside threats, from Denial of Service (DoS) to network security breaches.

In order to help secure your SonicPoint Wireless Access Point (AP) stations, SonicWALL takes a closer look at these threats. By using direct RF management, SonicWALL helps detect threats without interrupting the current operation of your wireless or wired network.

Benefits

SonicWALL RF Management provides real-time threat monitoring and management of SonicPoint radio frequency traffic. In addition to its real-time threat management capabilities, SonicWALL RF Management provides network administrators a system for centralized collection of RF threats and traffic statistics, offering a way to easily manage RF capabilities directly from the SonicWALL security appliance gateway.

SonicWALL RF Management is:

- Real-Time - View logged information as it happens
- Transparent - No need to halt legitimate network traffic when managing threats
- Comprehensive - Provides detection of many types of RF threats, including:
  - Long Duration Attacks
  - Management Frame Flood
  - Null Probe Response
  - Broadcasting Deauthentication
  - Valid Station with Invalid (B)SSID
  - Wellenreiter/NetStumbler Detection
  - Ad-Hoc Station Detection
  - Unassociated Station
  - EAPOL Packet Flood
  - Weak WEP IV

For complete descriptions of the above types of RF Threat Detection, see the Types of RF Threat Detection section.

Deployment Prerequisites

The following prerequisites must be met in order to deploy SonicWALL RF Management on your network:

- A SonicWALL PRO 2040, 3060, 4060, 4100 or 5060 appliance
- SonicOS 4.0 or above installed on one of the above SonicWALL PRO series appliances
- One or more SonicWALL SonicPoint(s), provisioned by your SonicWALL PRO series appliance

Enabling RF Management on SonicPoint(s)

In order for RF Management to be enforced, you must enable the RF Management option on all available SonicPoint devices. The following section provides instructions to re-provision all available SonicPoints with RF Management enabled.

Step 1 Navigate to SonicPoint > SonicPoints in the SonicWALL security appliance management interface.
Step 2 Click the Configure button corresponding to the desired SonicPoint Provisioning Profile.
Step 3 In the General tab, click the Enable RF Management checkbox.

Next, to ensure all SonicPoints are updated with the RF Management feature enabled, it is necessary to delete all current SonicPoints from the SonicPoint table and re-synchronize these SonicPoints using the profile you just created.

Step 4 Click the button at the bottom right corner of the SonicPoints table.
Step 5 Click the button at the top of the page.

Your SonicPoints will now reboot with the RF Management feature enabled. Be patient as the reboot process may take several minutes.

Using The RF Management Interface

The RF Management interface (SonicPoint > RF Management) provides a central location for selecting RF signature types, viewing discovered RF threat stations, and adding discovered threat stations to a watch list. This section provides an overview of usage and features for the following RF Management operations:

- RF Management Interface Overview
- Selecting RF Signature Types
- Viewing Discovered RF Threat Stations
- Adding a Threat Station to the Watch List

RF Management Interface Overview

The top portion of the RF Management interface allows you to:

- View the number of threats logged for each group/signature
- Select which RF signature types your SonicWALL looks for

The bottom (Discovered RF Threat Stations) portion of the interface allows you to:

- View a detailed log of the most current threats
- Configure a watch list for discovered stations

Selecting RF Signature Types

The RF Management interface allows you to select which types of RF threats your SonicWALL monitors and logs.

Step 1 Navigate to SonicPoint > RF Management in the SonicWALL security appliance management interface. RF threat types are displayed, with a checkbox next to each.
Step 2 Click the checkbox next to the RF threat to enable/disable management of that threat. By default, all RF threats are checked as managed.

Tip: For a complete list of RF Threat types and their descriptions, see the Types of RF Threat Detection section of this document.

Viewing Discovered RF Threat Stations

The RF Management Discovered Threat Stations list allows you to view, sort and manage a list of the most recent threats to your wireless network. Each logged threat contains (and can be sorted by) the following information:

| Log Data | Description |
|---|---|
| MAC Address | Physical address of the RF threat station. |
| Type | Type of wireless signal received from the threat station. |
| Vendor | Manufacturer of the threat station (determined by MAC address). |
| Rssi | Received signal strength as reported by the SonicPoint. This entry, along with the sensor entry, can be helpful in triangulating the actual physical position of the RF threat device. |
| Rate | Transfer rate (Mbps) of the threat station. |
| Encrypt | Wireless signal encryption on the threat station, None or Encrypted. |
| RF Threat | RF Threat type. For a complete list with descriptions, see the Types of RF Threat Detection section. |
| Update Time | Time this log record was created/updated. |
| Sensor | ID of the SonicPoint which recorded this threat. This entry, along with the Rssi entry, can be helpful in triangulating the actual physical position of the RF threat device. |

Tip: Did you know? It is possible to find approximate locations of RF Threat devices by using logged threat statistics. For more practical tips and information on using the RF Management threat statistics, see the Practical RF Management Field Applications section.

Adding a Threat Station to the Watch List

The RF Management Discovered Threat Stations Watch List feature allows you to create a watch list of threats to your wireless network. The watch list is used to filter results in the Discovered RF Threat Stations list.

To add a station to the watch list:

Step 1 In the SonicPoint > RF Management page, navigate to the Discovered RF threat stations section.
Step 2 Click the icon that corresponds to the threat station you wish to add to the watch list.
Step 3 A confirmation screen will appear. Click OK to add the station to the watch list.
Step 4 If you have accidentally added a station to the watch list, or would otherwise like a station removed from the list, click the icon that corresponds to the threat station you wish to remove.

Tip: Once you have added one or more stations to the watch list, you can filter results to see only these stations in the real-time log by choosing Only Stations in Watch List Group from the View Type drop-down list.

Types of RF Threat Detection

The following is a partial list containing descriptions for the most prominent types of RF signatures detected by SonicWALL RF Management:

Long Duration Attacks

Wireless devices share airwaves by dividing the RF spectrum into 14 staggered channels. Each device reserves a channel for a specified (short) duration and during the time that any one device has a channel reserved, other devices know not to broadcast on this channel. Long Duration attacks exploit this process by reserving many RF channels for very long durations, effectively stopping legitimate wireless traffic from finding an open broadcast channel.

Management Frame Flood

This variation on the DoS attack attempts to flood wireless access points with management frames (such as association or authentication requests), filling the management table with bogus requests.

Null Probe Response

When a wireless client sends out a probe request, the attacker sends back a response with a Null SSID. This response causes many popular wireless cards and devices to stop responding.

Broadcasting Deauthentication

This DoS variation sends a flood of spoofed deauthentication frames to wireless clients, forcing them to constantly de-authenticate and subsequently re-authenticate with an access point.

Valid Station with Invalid (B)SSID

In this attack, a rogue access point attempts to broadcast a trusted station ID (ESSID). Although the BSSID is often invalid, the station can still appear to clients as though it is a trusted access point. The goal of this attack is often to gain authentication information from a trusted client.

Wellenreiter/NetStumbler Detection

Wellenreiter and NetStumbler are two popular software applications used by attackers to retrieve information from surrounding wireless networks.

Ad-Hoc Station Detection

Ad-Hoc stations are nodes which provide access to wireless clients by acting as a bridge between the actual access point and the user. Wireless users are often tricked into connecting to an Ad-Hoc station instead of the actual access point, as they may have the same SSID. This allows the Ad-Hoc station to intercept any wireless traffic that connected clients send to or receive from the access point.

Unassociated Station

Because a wireless station attempts to authenticate prior to associating with an access point, the unassociated station can create a DoS by sending a flood of authentication requests to the access point while still unassociated.

EAPOL Packet Flood

Extensible Authentication Protocol over LAN (EAPOL) packets are used in WPA and WPA2 authentication mechanisms. Since these packets, like other authentication request packets, are received openly by wireless access points, a flood of these packets can result in DoS to your wireless network.

Weak WEP IV

The WEP security mechanism uses your WEP key along with a randomly chosen 24-bit number known as an Initialization Vector (IV) to encrypt data. Network attackers often target this type of encryption because some of the random IV numbers are weaker than others, making it easier to decrypt your WEP key.
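The Weak WEP IV description above, as an added example that is not SonicWALL's signature logic: it assumes the weak IVs of interest are the classic Fluhrer-Mantin-Shamir form (A+3, 255, X) and counts them per transmitter so that stations still emitting them stand out. The frame tuples, thresholds and function names are constructed for illustration.

```python
"""Added example: per-transmitter count of FMS-pattern weak WEP IVs."""
from collections import defaultdict

# Constructed sample, not a real capture: (transmitter MAC, first four bytes
# of the WEP-protected frame body = 3-byte IV followed by the key ID byte).
SAMPLE_FRAMES = [
    ("02:00:00:00:00:aa", bytes.fromhex("03ff1c00")),  # weak, key byte 0
    ("02:00:00:00:00:aa", bytes.fromhex("04ff9a00")),  # weak, key byte 1
    ("02:00:00:00:00:aa", bytes.fromhex("0fff0000")),  # weak, key byte 12
    ("02:00:00:00:00:aa", bytes.fromhex("10ff2200")),  # first byte too large
    ("02:00:00:00:00:aa", bytes.fromhex("03fe1100")),  # second byte not 255
    ("02:00:00:00:00:aa", bytes.fromhex("a1b2c300")),
    ("02:00:00:00:00:bb", bytes.fromhex("00000100")),
    ("02:00:00:00:00:bb", bytes.fromhex("00000200")),
    ("02:00:00:00:00:bb", bytes.fromhex("5a5a5a00")),
    ("02:00:00:00:00:bb", bytes.fromhex("ff030100")),
    ("02:00:00:00:00:bb", bytes.fromhex("02ff1000")),  # first byte too small
]


def is_fms_weak_iv(iv: bytes, key_len: int = 13) -> bool:
    """True if iv has the form (A+3, 255, X) for a key byte index A < key_len.

    key_len is the secret key length in bytes: 5 for 40-bit WEP, 13 for 104-bit.
    """
    if len(iv) != 3:
        raise ValueError("a WEP IV is exactly 3 bytes (24 bits)")
    return 3 <= iv[0] < 3 + key_len and iv[1] == 0xFF


def weak_iv_report(frames, key_len=13, min_frames=4, max_ratio=0.05):
    """Summarise weak-IV usage per transmitter.

    min_frames and max_ratio are assumed tuning values: a station is flagged
    only after enough frames were seen and the weak share exceeds max_ratio.
    """
    seen = defaultdict(int)
    weak = defaultdict(int)
    exposed = defaultdict(set)
    for mac, header in frames:
        if len(header) < 4:       # truncated header, nothing to classify
            continue
        seen[mac] += 1
        iv = header[:3]
        if is_fms_weak_iv(iv, key_len):
            weak[mac] += 1
            exposed[mac].add(iv[0] - 3)   # index of the key byte this IV leaks
    report = {}
    for mac, total in seen.items():
        ratio = weak[mac] / total
        report[mac] = {
            "frames": total,
            "weak": weak[mac],
            "key_bytes": sorted(exposed[mac]),
            "flag": total >= min_frames and ratio > max_ratio,
        }
    return report


if __name__ == "__main__":
    for mac, row in weak_iv_report(SAMPLE_FRAMES).items():
        print(mac, row)
```

With a uniformly random 24-bit IV and a 104-bit key, only 13 x 256 of the 16,777,216 possible IVs match this pattern, so a sustained share well above that baseline is what the flag is meant to surface.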

Practical RF Management Field Applications

This section provides an overview of practical uses for collected RF Management data in detecting Wi-Fi threat sources. Practical RF Management Field Applications are provided as general common-sense suggestions for using RF Management data. This section contains the following sub-sections:

- Before Reading this Section
- Using Sensor ID to Determine RF Threat Location
- Using RSSI to Determine RF Threat Proximity

Before Reading this Section

When using RF data to locate threats, keep in mind that wireless signals are affected by many factors. Before continuing, take note of the following:

- Signal strength is not always a good indicator of distance - Obstructions such as walls, wireless interference, device power output, and even ambient humidity and temperature can affect the signal strength of a wireless device.
- A MAC Address is not always permanent - While a MAC address is generally a good indicator of device type and manufacturer, this address is susceptible to change and can be spoofed. Likewise, originators of RF threats may have more than one hardware device at their disposal.

Using Sensor ID to Determine RF Threat Location

In the Discovered RF Threat Stations list, the Sensor field indicates which SonicPoint is detecting the particular threat. Using the sensor ID and MAC address of the SonicPoint allows you to easily determine the location of the SonicPoint that is detecting the threat.

Timesaver: For this section in particular (and as a good habit in general), you may find it helpful to keep a record of the locations and MAC addresses of your SonicPoint devices.

Step 1 Navigate to SonicPoint > RF Management in the SonicWALL Management Interface.
Step 2 In the Discovered RF Threat Stations table, locate the Sensor for the SonicPoint that is detecting the targeted RF threat and record the number.
Step 3 Navigate to SonicPoint > SonicPoints.
Step 4 In the SonicPoints table, locate the SonicPoint that matches the Sensor number you recorded in Step 2.
Step 5 Record the MAC address for this SonicPoint and use it to find the physical location of the SonicPoint.

The RF threat is likely to be in the location that is served by this SonicPoint.

[Figure: SonicPoint and PRO 3060. Sensor - Identifies which individual SonicPoint(s) are detecting the RF threat.]

Using RSSI to Determine RF Threat Proximity

This section builds on what was learned in the Using Sensor ID to Determine RF Threat Location section. In the Discovered RF Threat Stations list, the Rssi field indicates the signal strength at which a particular SonicPoint is detecting an RF threat.

The Rssi field allows you to easily determine the proximity of an RF threat to the SonicPoint that is detecting that threat. A higher Rssi number generally means the threat is closer to the SonicPoint.

Tip: It is important to remember that walls serve as barriers for wireless signals. While a very weak Rssi signal may mean the RF threat is located very far from the SonicPoint, it may also indicate a threat located near, but outside the room or building.

Step 1 Navigate to SonicPoint > RF Management in the SonicWALL Management Interface.
Step 2 In the Discovered RF Threat Stations table, locate the Sensor and Rssi for the SonicPoint that is detecting the targeted RF threat and record these numbers.
Step 3 Navigate to SonicPoint > SonicPoints.
Step 4 In the SonicPoints table, locate the SonicPoint that matches the Sensor number you recorded in Step 2.
Step 5 Record the MAC address for this SonicPoint and use it to find the physical location of the SonicPoint.

A high Rssi usually indicates an RF threat that is closer to the SonicPoint. A low Rssi can indicate obstructions or a more distant RF threat.

[Figure: SonicPoint, PRO 3060, SonicWALL PRO 5060 with RF Management enabled. rssi - Identifies signal strength of the RF threat, allowing for approximate distance gauging. Strong signal rssi: 33. Weak signal rssi: 12.]
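The Sensor ID and Rssi procedures above, combined into one added example that is not part of the SonicWALL document or product: for each threat station it picks the SonicPoint reporting the strongest Rssi and joins that sensor against the administrator's own location record. The row layout, sensor ID format, inventory, MAC addresses and the weak_rssi cut-off are all assumptions constructed for illustration.

```python
"""Added example: map each threat station to the SonicPoint hearing it best."""
from collections import defaultdict

# Assumed administrator-kept record (the "Timesaver" above):
# sensor ID -> (SonicPoint MAC, physical location). Constructed values.
SONICPOINTS = {
    "1": ("00:00:5e:00:53:01", "Lobby, 1st floor"),
    "2": ("00:00:5e:00:53:02", "Conference room 2A"),
    "3": ("00:00:5e:00:53:03", "Warehouse"),
}

# Constructed rows shaped like the Discovered RF Threat Stations list.
THREAT_LOG = [
    {"mac": "02:00:00:00:00:aa", "rssi": 12, "sensor": "1",
     "rf_threat": "Broadcasting Deauthentication"},
    {"mac": "02:00:00:00:00:aa", "rssi": 33, "sensor": "2",
     "rf_threat": "Broadcasting Deauthentication"},
    {"mac": "02:00:00:00:00:aa", "rssi": 28, "sensor": "2",
     "rf_threat": "Management Frame Flood"},
    {"mac": "02:00:00:00:00:bb", "rssi": 12, "sensor": "3",
     "rf_threat": "Ad-Hoc Station Detection"},
    {"mac": "02:00:00:00:00:cc", "rssi": 20, "sensor": "9",
     "rf_threat": "Null Probe Response"},
]


def locate_threats(log, inventory, weak_rssi=15):
    """Return, per threat station MAC, the best-hearing sensor and its location.

    weak_rssi is an assumed cut-off below which the reading is treated as
    "distant or obstructed" rather than "near this SonicPoint".
    """
    readings = defaultdict(dict)   # station MAC -> {sensor: strongest Rssi}
    threats = defaultdict(set)     # station MAC -> RF threat types logged
    for row in log:
        per_sensor = readings[row["mac"]]
        sensor = row["sensor"]
        per_sensor[sensor] = max(per_sensor.get(sensor, row["rssi"]), row["rssi"])
        threats[row["mac"]].add(row["rf_threat"])

    results = {}
    for mac, per_sensor in readings.items():
        ranked = sorted(per_sensor.items(), key=lambda kv: kv[1], reverse=True)
        sensor, rssi = ranked[0]
        # A sensor missing from the record means the inventory is out of date.
        ap_mac, location = inventory.get(sensor, (None, "unknown sensor"))
        results[mac] = {
            "nearest_sensor": sensor,
            "sonicpoint_mac": ap_mac,
            "location": location,
            "rssi": rssi,
            "also_heard_by": [s for s, _ in ranked[1:]],
            "threats": sorted(threats[mac]),
            "note": ("weak signal: distant or behind an obstruction"
                     if rssi < weak_rssi
                     else "strong signal: likely near this SonicPoint"),
        }
    return results


if __name__ == "__main__":
    for mac, hit in locate_threats(THREAT_LOG, SONICPOINTS).items():
        print(mac, hit)
```

Because a MAC address can be spoofed, as noted in Before Reading this Section, treat each result as a starting point for a physical search rather than a positive identification.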

Solution Document Version History

| Version Number | Date | Notes |
|---|---|---|
| 1 | 3/27/07 | This document was created by Patrick Lydon. |
