• SonicOS 7.0
• Wireless Overview
  • Device Support
  • Compliance
  • Considerations for Using Wireless Connections
  • Adjusting the Antennas
  • Wireless Node Count Enforcement
  • About MAC Address Filtering
• Status
  • WLAN Settings
  • WLAN Statistics
  • WLAN Activities
  • Station Status
• Settings
  • Access Point
    • Wireless Settings
      • 802.11n Wireless Settings
      • 802.11a/b/g Wireless Settings
      • 802.11ac Wireless Settings
    • Wireless Virtual Access Point
  • Wireless Station
    • Wireless Settings
    • Advanced Radio Settings
  • Access Point & Station
    • Wireless Settings
    • Wireless Virtual Access Point
    • Station Setting
• Security
  • About Authentication
  • Configuring the WEP Settings
  • Configuring WPA3/WPA2/WPA PSK Settings
  • Configuring WPA3/WPA2/WPA EAP Settings
• Advanced
  • Beaconing and SSID Controls
  • Green Access Point
  • Advanced Radio Settings
    • Configurable Antenna Diversity
• MAC Filter List
  • Deployment Considerations
  • Configuring MAC Filter List
• IDS - Wireless Intrusion Detection Service
  • Configuring IDS Settings
  • Discovered Access Points
• Virtual Access Point
  • Wireless Virtual AP Configuration Task List
  • Virtual Access Point Profiles
    • Virtual Access Point Schedule Settings
    • Virtual Access Point Profile Settings
      • WEP Encryption Settings
      • WPA-PSK / WPA2-PSK Encryption Settings
      • RADIUS Server Settings
    • ACL Enforcement
  • Virtual Access Point Objects
    • VAP General Settings
    • VAP Advanced Settings
  • Virtual Access Point Groups
  • Enabling the Virtual Access Point Group
• SonicWall Support
  • About This Document

IDS - Wireless Intrusion Detection Service

Wireless Intrusion Detection Services (IDS) greatly increase the security capabilities of the SonicWall wireless security appliances. They enable recognition of, and countermeasures against, Rogue Access Points. This is the most common type of illicit wireless activity.

Access Point IDS

When the Radio Role of the wireless security appliance is set to Access Point mode, Rogue Access Point detection, by default, acts in a passive mode (passively listening to other Access Point Beacon frames only on the selected channel of operation).

A Scan momentarily changes the Radio Role to allow the wireless security appliance to perform an active scan, and might cause a brief loss of connectivity for associated wireless clients. While in Access Point mode, the Scan function should only be scheduled when no clients are actively associated, or if the possibility of client interruption is acceptable.

Rogue Access Points

Rogue Access Points have emerged as one of the most serious and insidious threats to wireless security. In general terms, an access point is considered rogue when it has not been authorized for use on a network. The convenience, affordability and availability of non-secure access points, and the ease with which they can be added to a network creates a easy environment for introducing rogue access points. The real threat emerges in a number of different ways, including unintentional and unwitting connections to the rogue device, transmission of sensitive data over non-secure channels, and unwanted access to LAN resources. While this doesn't represent a deficiency in the security of a specific wireless device, it is a weakness to the overall security of wireless networks.

The security appliance can alleviate this weakness by recognizing rogue access points potentially attempting to gain access to your network. It does this in two ways: active scanning for access points on all 2.4Ghz and 5GHz channels, and passive scanning (while in Access Point mode) for beaconing access points on a single channel of operation.

See also:

• Configuring IDS Settings
• Discovered Access Points