Copyright Information
© Copyright 2018 Hewlett Packard Enterprise Development LP
Open Source Code
This product includes code licensed under the GNU General Public License, the GNU Lesser General Public
License, and/or certain other open source licenses. A complete machine-readable copy of the source code
corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information
and shall expire three years following the date of the final distribution of this product version by Hewlett-Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US
$10.00 to:
Hewlett-Packard Enterprise Company
Attn: General Counsel
3000 Hanover Street
Palo Alto, CA 94304
USA
Please specify the product and version for which you are requesting source code.
You may also request a copy of this source code free of charge at: http://hpe.com/software/opensource.
February 2018 | Rev. 01 AirWave 8.2.x and RAPIDS | User Guide
Contents
Contacting Support
Overview
Determining Your Security Needs
Common Security Threat Red Flags
Wired and Wireless
Wireless Above > -75 Signal
Wireless With a Managed SSID
Wireless With More Than Three Detecting APs
Recommended Setup Options for RAPIDS
Wired-to-Wireless MAC Address Correlation (0-8 bits)
Wireless-to-Wireless BSSID Correlation (0-8 bits)
Delete Rogues not Detected for: 0-14 Days
Automatically Perform an OS Scan Rogue Devices
Filter Rogues Discovered by Remote APs
Wired-to-Wireless Time Correlation Window
Triggers
Configuring Rogue Scans
Wireless Scans
Enterprise AP Scans
AMC Scans
Wired Scans
Fingerprint Scans
Polling Routers and Switches
Rules Recommendations
Rule Guidelines
Order is Important
Name the Rules Intuitively
Configuring Neighbor and Valid Rules
Protect Your SSID
Recommended Rogue Response Workflow
Common Rogue Response Scenarios
Rogue Connected to Wire
Rogues Detected Wirelessly
Using VisualRF to Detect a Wireless Rogue
Ad-Hoc Rogues
Contacting Support
Main Site: arubanetworks.com
Support Site: support.arubanetworks.com
Airheads Social Forums and Knowledge Base: community.arubanetworks.com
North American Telephone: 1-800-943-4526 (Toll Free), 1-408-754-1200
International Telephone: arubanetworks.com/support-services/contact-support/
Software Licensing Site: hpe.com/networking/support
End-of-life Information: arubanetworks.com/support-services/end-of-life/
Security Incident Response Team (SIRT): Site: arubanetworks.com/support-services/security-bulletins/; Email: aruba-sirt@hpe.com
Chapter 1
Overview
This document provides best practices for leveraging the Rogue Access Point Detection (RAPIDS) module of the
AirWave Wireless Management Suite (AWMS) to secure your network. RAPIDS is designed to identify and locate
wireless threats by leveraging all of the information available from the infrastructure (see Figure 1). RAPIDS takes
the information it collects and feeds it through a customizable set of classification rules, isolating the threat
devices based on your security concerns. RAPIDS can be configured to alert administrators via email, SNMP
traps, or syslog messages after a threat is identified.
Figure 1: RAPIDS Overview