Forum

IPS Sensor Field Of View ?

3 posts by 2 authors in: Forums > CWSP - Enterprise Wi-Fi Security
Last Post: September 26, 2005:
  • By mairtinosullivan
    Reply

    I'm currently finishing off some work for the CWSP exam and am going through the practise questions to make sure I've covered everything.

    One question I came across discusses field of view configuration for wireless IPS sensors.
    The answer seems to reference Airmagnet sensors and claims that the correct answer is the industry standard.

    Could someone point me in the direction of some further reading on this topic?

    I've looked on google and haven't found anything..

  • By Chrisparis75
    Reply

    Martin,
    I don't think you will need to go to much in the details for the part related to IDS. Generally IDS is implemented in a proprietary way by various vendors. Airmagnet is a leader in the industry for the WIDS but I haven't read anything telling that this is now an industry standard.
    I would suggest you to focus on the most important points the CWSP exam want you to master. I have put below a copy of my personal training document summarizing the infos about IDS you should know for the exam...

    Wireless Intrusion Detection Systems
    An IDS inspects inbound and outbound traffic and attempts to identify suspicious activity.
    You have Wired network IDS :
    Wireless IDS : they use sensors and some are part of the AP firmware.

    False positives are alarms that are raised due to boundary or policy violations, but are actually legitimate operations within the network.

    Some features of IDS :

    Network-based IDS
    ?¡é?€?¡é All packets are analyzed. The IDS must be able to process inputs fast enough.
    ?¡é?€?¡é Wireless IDS use wireless sensors.

    Host-based IDS
    ?¡é?€?¡é IDS will examine datas on each host computer

    Passive vs. Reactive
    ?¡é?€?¡é Passive : reports an anomaly
    ?¡é?€?¡é Reactive : does action when it identifies an attack (access restriction, service closure, disconnections)

    Host Based and network based IDS both report to central management station (not present in peer to peer mode).
    IDS doesn?¡é?€??t route packets nor does management of APs.

    Hope it will help you prepare your CWSP exam !

    Regards
    Chris

  • By mairtinosullivan
    Reply

    Thanks Chris,

    I'm pretty well versed on IDS/IPS systems from the wired world so it's quite easy to get a hold on the wireless versions.

    I was just pretty concerned seeing comments such as "industry standard" used with regard to a topic I didn't know much about!

    Thanks for the tips!

Page 1 of 1
  • 1