• SonicOS 7.1 Access Points
• About SonicOS
  • About SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About Access Points
• Settings
  • Synchronize Access Points
  • Provisioning Overview
  • Creating/Modifying Provisioning Profiles
    • Adding/Editing a Provisioning Profile - Getting Started
    • General Settings for Provisioning Profiles
    • 5GHz/2.4GHz Radio Basic Settings for Provisioning Profiles
      • Radio Settings
      • Wireless Security
      • Protected Management Frames (PMF Option)
      • About Local Radius Servers and EAP Authentication Balancing
      • Configuring Radius Server Settings
      • ACL Enforcement
      • Remote MAC Address Access Control Settings
    • 5GHz/2.4GHz Radio Advanced Settings for Provisioning Profiles
      • Configuring the RSSI Threshold
      • Configuring IEEE802.11r Settings for Secure Fast Roaming
      • Configuring IEEE802.11k Settings for Dynamic Radio Management
      • Configuring IEEE802.11v Settings for Dynamic Environment Management
    • Sensor Settings for WIDP in Provisioning Profiles
    • Mesh Network Settings for Provisioning Profiles
      • Setting Up a Mesh Network
      • Enabling a Multi-hop Mesh Network
      • Active/Active Clustering Full Mesh
    • 3G/4G/LTE WWAN Settings for Provisioning Profiles
      • Manually Configuring the 3G/4G/LTE WWAN Profile
      • Configuring Load Balancing among Multiple USB Modems
    • Bluetooth LE Settings for Provisioning Profiles
    • Deleting Access Point Profiles
    • Product Specific Configuration Notes
  • Managing Access Point Objects
    • Deleting Access Point Objects
    • Rebooting Access Point Objects
    • Modifying Access Point Objects
• Firmware Management
  • About Firmware Management
  • Obtaining the Latest SonicWall Firmware
  • Downloading Firmware from a Specific URL
  • Uploading Firmware to an Access Point
• Floor Plan View
  • Managing the Floor Plans
    • Selecting a Floor Plan
    • Creating a Floor Plan
    • Editing a Floor Plan
  • Managing Access Points
    • Available Devices
    • Added Access Points
    • Removing Access Points
    • Export Image
    • Context Menu
• Station Status
• Intrusion Detection Services
  • Scanning Access Points
  • Authorizing Access Points
• Advanced IDP
  • Enabling Wireless IDP on a Profile
  • Configuring Wireless IDP Settings
  • Viewing KRACK Sniffer Packets
• Packet Capture
• Virtual Access Points
  • Before Configuring VAPs
    • Determining Your VAP Needs
    • Determining Security Configurations
    • Sample Network Definitions
    • Prerequisites
    • VAP Configuration Worksheet
  • Access Point VAP Configuration Task List
  • Virtual Access Point Groups
  • Virtual Access Point Objects
    • General Tab
    • Advanced Tab
  • Virtual Access Point Profiles
    • Virtual Access Point Schedule Settings
    • Virtual Access Point Profile Settings
    • Remote MAC Address Access Control Settings
    • ACL Enforcement
    • IEEE802.11R Settings
    • IEEE802.11K Settings
    • IEEE802.11V Settings
    • Agile Multiband Settings
• RF Monitoring
  • Prerequisites
  • RF Monitoring Summary
  • 802.11 General Frame Setting
  • 802.11 Management Frame Setting
  • 802.11 Data Frame Setting
  • Discovered RF Threat Stations
  • Adding a Threat Station to the Watch List
  • Practical RF Monitoring Field Applications
    • Using Sensor ID to Determine RF Threat Location
    • Using RSSI to Determine RF Threat Proximity
• RF Analysis
  • Using RF Analysis on SonicWall Access Points
    • Understanding the RF Score
    • Channel Utilization Graphs and Information
    • Viewing Overloaded Channels
    • RFA Highly Interfered Channels
• RF Spectrum
• FairNet
  • Supported Platforms
  • FairNet Features
  • Management Interface Overview
  • Configuring FairNet
• Wi-Fi Multimedia
  • WMM Access Categories
  • Assigning Traffic to Access Categories
  • Configuring Wi-Fi Multimedia Parameters
    • Configuring WMM
    • Creating a WMM Profile for an Access Point
• 3G/4G/LTE WWAN
• Bluetooth LE Devices
  • Viewing BLE Scanned Data
• Radio Management
  • Configuring Radio Management
  • Configuring Dynamic Channel Selection Settings
• SonicWall Support
  • About This Document

Intrusion Detection Services

Rogue devices have emerged as one of the most serious and insidious threats to wireless security. In general terms, a device is considered rogue when it has not been authorized for use on the network. The convenience, afford-ability and availability of non-secure access points, and the ease with which they can be added to a network creates an easy environment for introducing rogue devices. The real threat emerges in a number of different ways:

• Unintentional and unwitting connections to the rogue device
• Transmission of sensitive data over non-secure channels
• Unwanted access to LAN resources

While this doesn't represent a deficiency in the security of a specific wireless device, it is a weakness to the overall security of wireless networks.

Intrusion Detection Services (IDS) greatly increase the security capabilities of the firewall because it helps the appliance recognize and take countermeasures against the most common types of illicit wireless activity. IDS reports on all access points the firewall can find by scanning the 802.11a, 802.11g, and 802.11n radio bands on the access points.

The DEVICE | Access Points > IDS page reports on all devices detected by the firewall and its associated access points, and provides the ability to authorize legitimate devices.

The following table describes the Discovered Access Point Table and entities that are displayed on the IDS page.

Table Column or Entity	Description
Entity
Search	Use the Search feature to locate specific access points.
View Style: Access Point	If you have more than one access point, you can select an individual access point from the Access Point drop-down menu or All Access Points if you want to see all of them.
Scan All	Initiates an operation to call all access points and identify connected devices.
Refresh	Refreshes the screen to display the most current list of access points in your network.
Discovered Access Points Table
Access Point	The access point name: shows only when All SonicPoints is selected in the View Style: Access Point drop-down menu.
MAC Address (BSSID)	The MAC address of the radio interface of the detected access point.
SSID	The radio SSID of the device.
Type	The radio band being used by the device: 2.4 GHz or 5 GHz.
Channel	The radio channel used by the device.
Authentication	The authentication type.
Cipher	The cipher mode.
Vendor	The vendor of the access point.
Signal Strength	The strength of the detected radio signal.
Max Rate	The fastest allowable data rate for the access point radio.
Authorize	When the Edit icon is clicked, the device is added to the address object group of authorized devices.

• Scanning Access Points
• Authorizing Access Points