Configure WIPS Signatures

About this task

A WIPS signature is the set or parameters, or pattern, used by WIPS to identify and categorize particular sets of attack behaviors in order to classify them.

The WIPS Signatures dashboard displays the following read-only data:
Setting Description
Name Lists the name assigned to each signature when it was created. A signature name cannot be modified as part of the edit process
Status Displays whether the signature is activated. A green check mark defines the signature as activated. A red “X” defines the signature as deactivated. Each signature is deactivated by default
BSSID MAC Displays each BSS ID MAC address used for matching purposes and potential device exclusion
Source MAC Displays each source MAC address of the packet examined for matching purposes and potential device exclusion
Destination MAC Displays each destination MAC address of the packet examined for matching purposes and potential device exclusion
Matching Frame Lists the frame types specified for matching with the WIPS signature
Matching SSID Lists each SSID used for matching purposes
Use the Action option to edit or delete a WIPS signature.

Procedure

  1. Select to create a new WIPS signature.
    The Basic dashboard opens.
  2. Assign a unique WIPS signature name not exceeding 64 characters.
  3. Select Add to create the new WIPS signature.
    The WIPS Signature basic settings dashboard opens.
  4. Configure the following network address information for a new or modified WIPS Signature:
    Setting Description
    Enable Signature Clear the checkbox to deactivate the WIPS signature for use with the profile. The signature is activated by default
    BSSID MAC Select BSSID MAC to define a BSS ID MAC address used for matching and filtering with the signature
    Source MAC Define a source MAC address for packets examined for matching, filtering, and potential device exclusion using the signature
    Destination MAC Set a destination MAC address for the packet examined for matching, filtering, and potential device exclusion with the signature
    Matching Frame Use the drop-down list box to select a frame type for matching and filtering with the WIPS signature
    Matching SSID Set the SSID used for matching and filtering with the signature. Ensure that it is specified properly, or the SSID will not be properly filtered
    SSID Length Set the character length of the SSID used for matching and filtering with this signature. The maximum length is 32 characters
    Wireless Client Threshold Specify the threshold limit per client that, when exceeded, signals the event. The configurable range is from 1 to 65,535
    Radio Threshold Specify the threshold limit per radio that, when exceeded, signals the event. The configurable range is from 1 to 65,535
    Filter Expiration Time Set a Filter Expiration from 1 through 86,400 seconds that specifies the duration a client is excluded from RF Domain manager radio association when responsible for triggering a WIPS event
  5. Select Add to create a new payload.
  6. Configure the following Payload settings:
    Setting Description
    Index Set the index between 1 and 3
    Pattern Assign a pattern for the payload
    Offset Set a offset between 0 and 255
    Action Select to delete a payload option
  7. Select Update to save the WIPS signature configuration.
9037026-03 Rev AA