Intrusion Detection Deployment Considerations
Before configuring WIPS support on a controller, service
platform or access point, refer to the following deployment guidelines to ensure the
configuration is optimally effective:
- WIPS is best utilized when deployed in conjunction with a
corporate or enterprise wireless security policy. Since an organization's security
goals vary, the security policy should document site-specific concerns. The WIPS
system can then be modified to support and enforce these additional security
policies.
- WIPS reporting tools can minimize administration time.
Vulnerability and activity reports should automatically run and be distributed to the
appropriate administrators. These reports should highlight areas to be investigated
and minimize the need for network monitoring.
- It is important to keep your WIPS system firmware and software
up to date. A quarterly system audit can ensure firmware and software versions are
current.
- Only a trained wireless network administrator can determine the
criteria used to authorize or ignore devices. You may want to consider your
organization's overall security policy and your tolerance for risk versus users' need
for network access. Some questions that may be useful in deciding how to classify a
device are:
  - Does the device conform to any vendor requirements you
  have?
  - What is the signal strength of the device? Is it likely
  the device is outside your physical radio coverage area?
  - Is the detected access point properly configured according
  to your organization's security policies?
- Controller or service platform visibility to all deployed VLANs is recommended. If
an external L3 device has been deployed for routing services, each VLAN should be
802.1Q tagged to the controller or service platform to allow the detection of any
unsanctioned APs physically connected to the network.
- Trusted and known access points should be added to a sanctioned
AP list. This will minimize the number of unsanctioned AP alarms received.
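
The classification questions and the sanctioned AP list described above can be written down as explicit triage rules. The following is an added example, not vendor code or a controller feature: the record fields, thresholds, OUI list, SSID names and verdict labels are all assumptions to be replaced by values from your own security policy.

```python
from __future__ import annotations
from dataclasses import dataclass

# Every value here is constructed for illustration; take the real lists and
# thresholds from the site's wireless security policy.
SANCTIONED_BSSIDS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}
APPROVED_OUIS = {"00:11:22"}          # assumed vendor requirement
REQUIRED_SECURITY = {"WPA2-Enterprise", "WPA3-Enterprise"}
CORPORATE_SSIDS = {"corp-wlan"}
MIN_RSSI_DBM = -80                    # weaker: likely outside coverage area

@dataclass
class DetectedAP:
    bssid: str
    ssid: str
    rssi_dbm: int
    security: str
    seen_on_wire: bool                # MAC also seen on a tagged wired VLAN

def classify(ap: DetectedAP) -> tuple[str, list[str]]:
    """Return (verdict, reasons) for one detected access point."""
    bssid, reasons = ap.bssid.lower(), []
    if bssid in SANCTIONED_BSSIDS:
        if ap.security not in REQUIRED_SECURITY:
            return "investigate", ["sanctioned AP violates security policy"]
        return "sanctioned", []
    if ap.seen_on_wire:
        reasons.append("unsanctioned AP connected to the wired network")
    if ap.ssid in CORPORATE_SSIDS:
        reasons.append("unsanctioned AP advertises a corporate SSID")
    if reasons:                       # these outrank a weak signal
        return "investigate", reasons
    if ap.rssi_dbm < MIN_RSSI_DBM:
        return "ignore", ["weak signal, likely outside coverage area"]
    if bssid[:8] not in APPROVED_OUIS:
        reasons.append("vendor OUI not approved")
    if ap.security not in REQUIRED_SECURITY:
        reasons.append("security mode not per policy")
    return ("investigate" if reasons else "review"), reasons

SCAN = [  # constructed sample detections
    DetectedAP("00:11:22:AA:BB:01", "corp-wlan", -52, "WPA2-Enterprise", True),
    DetectedAP("00:11:22:aa:bb:02", "corp-wlan", -60, "Open", True),
    DetectedAP("02:00:5e:00:00:01", "corp-wlan", -48, "WPA2-Personal", False),
    DetectedAP("02:00:5e:00:00:02", "cafe-guest", -88, "Open", False),
    DetectedAP("02:00:5e:00:00:03", "printer-setup", -55, "Open", True),
]

def triage(scan: list[DetectedAP]) -> dict[str, str]:
    return {ap.bssid.lower(): classify(ap)[0] for ap in scan}
```

A "review" verdict marks an unsanctioned AP that passes every check and is a candidate for the sanctioned list once an administrator confirms it.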