Dell PowerConnect W-AirWave | User Guide    Using RAPIDS and Rogue Classification | 163

Chapter 7
Using RAPIDS and Rogue Classification

This chapter provides an overview of rogue device and IDS event detection, alerting, and analysis using RAPIDS in AirWave, and contains the following sections:

• “Introduction to RAPIDS” on page 163
• “Viewing Rogues on the RAPIDS > List Page” on page 172
• “Setting Up RAPIDS” on page 165
• “Defining RAPIDS Rules” on page 168
• “Score Override” on page 176
• “Using the Audit Log” on page 177
• “Additional Resources” on page 178

Introduction to RAPIDS

Rogue device detection is a core component of wireless security. With the RAPIDS rules engine and containment options, you can create a detailed definition of what constitutes a rogue device, and quickly act on a rogue AP for investigation, restrictive action, or both. Once rogue devices are discovered, RAPIDS alerts your security team of the possible threat and provides essential information needed to locate and manage the threat.

RAPIDS discovers unauthorized devices in your WLAN network in the following ways:

• Over the Air
    • Using your existing enterprise APs
    • Optional AirWave Management Client (AMC)
• On the Wire
    • Polling routers and switches to identify, classify, and locate unknown APs
    • Using HTTP and SNMP scanning
    • Using the controller’s wired discovery information

Furthermore, RAPIDS integrates with external intrusion detection systems (IDS), as follows:

• Dell WIP—Dell PowerConnect W’s Wireless Intrusion Protection (WIP) module integrates wireless intrusion protection into the mobile edge infrastructure. The WIP module provides wired and wireless AP detection, classification and containment; detects DoS and impersonation attacks; and prevents client and network intrusions.
• Cisco WLSE (1100 and 1200 IOS)—AMP fetches rogue information from the HTTP interface and gets new AP information from the SOAP API. This system provides wireless discovery information rather than rogue detection information.
• AirMagnet Enterprise—Retrieves a list of managed APs from AMP.
• AirDefense—Uses the AMP XML API to keep its list of managed devices up to date.
• WildPackets OmniPeek—Retrieves a list of managed APs from AMP.

NOTE: To set up a scan, refer to “Discovering and Adding Devices” on page 105.