Wireless Intrusion Prevention System Requirements Specifications


Response columns for each requirement: Yes | Yes, How would you do it?

1.0 Architecture Overview and System Technology

1.1 The WIPS system must consist of dedicated wireless security devices (sensors) that monitor the air space and detect unauthorized connections, and a centralized server/appliance that analyzes the data received from the sensors

1.2 The sensor must be capable of handling the number of wireless devices typically visible at a location in a large deployment (e.g., 100 to 300 APs, 200 to 500 clients)

1.3 The sensor must fully support IEEE 802.11a/b/g/n and both the 2.4 GHz and 5.0 GHz bands

1.4 The communication between the sensor and the WIPS server/appliance must be secure

1.5 The WIPS system must support centralized policy management

1.6 The WIPS system must support wireless LAN security policy definition (per SSID, per location, per subnet)

1.7 Sensor software and firmware must be upgradeable remotely

1.8 The WIPS system must have zero-day attack detection and prevention capabilities for wireless attacks

1.9 The WIPS system must be based on industry standards

1.10 Sensors must be able to maintain security cover if they are disconnected from the WIPS server/appliance, with the ability to queue events during down time

1.11 The WIPS must be able to detect an unauthorized connection within 10 sec to 1 minute and display it on the console

1.12 The WIPS must be able to detect a DoS attack on an FTB Access Point and accurately identify the type of attack and its source (MAC address) within 10 sec to 1 minute and display it on the console

1.13 The WIPS must be able to detect any attack and provide on the console a detailed description of the problem and the steps to mitigate the attack

1.14 The WIPS must be able to detect any attack on an FTB Access Point and accurately identify the type of attack and its source within 10 sec to 1 minute and display it on the console

1.15 The WIPS must be able to import CAD/CAM drawings for new and existing sites

1.16 The WIPS must integrate with the Cisco Wireless LAN Controller
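As an added illustration (not part of the specification or of any vendor's product), the kind of detection logic a sensor could apply for the deauthentication-flood case of requirement 1.12: it reports the attack type, the source MAC as carried in the frames and the time to detect, so the 10 sec to 1 minute bound can be checked. All BSSIDs, MACs, thresholds and frame timings below are constructed.

```python
from collections import defaultdict, deque

# Constructed values: the managed FTB AP and the sensor's detection
# parameters. A real deployment tunes threshold and window per site.
FTB_AP_BSSIDS = {"00:11:22:33:44:55"}   # hypothetical managed AP
DEAUTH_THRESHOLD = 20                    # deauth/disassoc frames per window
WINDOW_SECONDS = 10.0                    # sliding window; keeps detection under 10 s

def detect_deauth_flood(frames, threshold=DEAUTH_THRESHOLD, window=WINDOW_SECONDS):
    """Scan time-ordered (ts, subtype, src_mac, bssid) observations and return
    a dict describing the first deauth/disassoc flood against a managed FTB AP
    (attack type, source MAC, target BSSID, time to detect), or None."""
    recent = defaultdict(deque)          # src_mac -> timestamps inside the window
    for ts, subtype, src, bssid in frames:
        if subtype not in ("deauth", "disassoc") or bssid not in FTB_AP_BSSIDS:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:        # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            return {"type": "deauth_flood", "source": src, "target": bssid,
                    "first_seen": q[0], "detected_at": ts,
                    "time_to_detect": ts - q[0]}
    return None

def background_frames():
    """Constructed benign traffic: one client disconnecting every 30 s."""
    return [(i * 30.0, "deauth", "aa:bb:cc:00:00:01", "00:11:22:33:44:55")
            for i in range(5)]

def flood_frames():
    """Constructed attack traffic: 25 deauths in 2.5 s starting at t = 60 s."""
    return [(60.0 + i * 0.1, "deauth", "de:ad:be:ef:00:01", "00:11:22:33:44:55")
            for i in range(25)]

def sample_capture():
    """Benign and attack frames merged in time order, as a sensor would see them."""
    return sorted(background_frames() + flood_frames())

if __name__ == "__main__":
    print(detect_deauth_flood(sample_capture()))
```

When the flooding frames forge the AP's own address, the reported source is the forged one, which is why the specification also asks for location tracking of the attacker (3.15) rather than relying on the MAC alone.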


04/14/2020 11:28 AM

2.0 WIPS Ease of Deployment and Configuration

2.1 The WIPS system must automatically detect and classify authorized FTB APs without any manual intervention

2.2 The WIPS system must support AP restriction by SSID, vendor type, protocol, encryption, authentication and type of radio frequency

2.3 The WIPS system must support multiple Enterprise Wireless LAN security policies at different geographical site, VLAN and subnet levels

2.4 The WIPS system must support wireless vulnerability audits to identify prospective facilities (report by DO and Central Office)

2.5 The WIPS system must support plug-and-play detection of sensors that may be multiple layer-3 hops away from the server/appliance

2.6 The WIPS system server must be accessible from anywhere using a web browser and must provide access restriction to particular computers (IP pools etc.)


3.0 Classification

3.1.1 The WIPS system must auto-classify APs as managed, external or rogue APs

3.1.2 The WIPS system must have the capability of auto-classifying Wi-Fi clients as authorized, guest, rogue or external, in addition to manual classification

3.1.3 The WIPS system must correctly detect smart devices connecting to the FTB network and classify them as approved or unapproved

3.2 The WIPS system must support automatic detection of whether an AP is ON or OFF the FTB wired network, including the ability to detect disconnection and unavailable service

3.3 The WIPS system must indicate if it cannot reliably detect whether a specific AP is ON or OFF the FTB wired network

3.4 The WIPS system must be able to detect the following types of rogue APs:

3.4.1 Layer-2 unencrypted and Layer-2 encrypted (WEP, WPA and WPA2)

3.4.2 NAT-unencrypted and NAT-encrypted (WEP, WPA and WPA2)

3.4.3 Virtual OS such as Windows 7, XP and Linux

3.4.4 Smartphones, tablets and other Wi-Fi enabled devices tethering when connected to the FTB network

3.5 The WIPS system must detect mis-configured authorized FTB APs

3.6 The WIPS system must detect an FTB wireless client connecting to an outside AP

3.7 The WIPS system must detect an outside client trying to connect to the FTB WLAN

3.8 The WIPS system must detect an ad hoc connection involving FTB authorized Wi-Fi devices

3.9 The WIPS system must detect masquerading attacks on both APs and clients (MAC spoofing attacks)

3.10 The WIPS system must detect Honey Pot (aka “Evil-Twin”) attacks

3.11 The WIPS system must detect Multipot APs

3.12 The WIPS system must detect AP MAC spoofing attacks across multiple locations and VLANs

3.13 The WIPS system must detect Layer-2 based wireless Denial of Service (DoS) attacks on the FTB WLAN

3.14 The WIPS system must have configurable intrusion alert severity levels, with alerts delivered via email and text message

3.15 The WIPS system must support location tracking of a DoS attacker

3.16 The WIPS system must detect APs configured for multiple SSIDs

3.17 The WIPS system must detect an FTB client bridging its wired and wireless interfaces
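As an added example (not from the specification or any product), a minimal AP classifier that follows requirements 3.1.1, 3.2, 3.3 and 3.10: it labels each observed BSSID as managed, external, rogue or evil twin, reports ON/OFF wired status, and says "unverified" when the wired check could not run. The managed-AP inventory, switch MAC table and scan results are constructed, and the BSSID-to-wired-MAC correlation (shared first five octets) is an assumed heuristic that varies by vendor.

```python
# Constructed inventory: bssid -> ssid, as it might be exported from the
# wireless LAN controller (requirement 3.1.1 / 1.16).
MANAGED_APS = {
    "00:11:22:33:44:55": "FTB-Corp",
    "00:11:22:33:55:66": "FTB-Guest",
}
AUTHORIZED_SSIDS = set(MANAGED_APS.values())

def same_mac_block(a, b):
    """Assumption for this example: an AP's radio BSSIDs and its wired MAC
    share the first five octets. Vendor dependent; real WIPS products also
    use active wired-side probing to confirm."""
    return a.lower()[:14] == b.lower()[:14]

def wired_status(bssid, wired_macs, wired_probe_ok):
    """3.2/3.3: 'on' if a related MAC was seen on the FTB wired side, 'off'
    if the wired scan ran and found nothing, 'unknown' if the scan failed."""
    if not wired_probe_ok:
        return "unknown"
    return "on" if any(same_mac_block(bssid, m) for m in wired_macs) else "off"

def classify_ap(bssid, ssid, wired_macs, wired_probe_ok=True):
    """Return (classification, wired_status) for one observed AP."""
    status = wired_status(bssid, wired_macs, wired_probe_ok)
    if bssid in MANAGED_APS:
        # 3.2: a managed AP that dropped off the wire is a service problem
        return ("managed_disconnected" if status == "off" else "managed", status)
    if ssid in AUTHORIZED_SSIDS:
        return ("evil_twin", status)      # 3.10: FTB SSID on an unknown BSSID
    if status == "unknown":
        return ("unverified", status)     # 3.3: say so rather than guess
    return ("rogue" if status == "on" else "external", status)   # 3.1.1

def classify_all(observed, wired_macs, wired_probe_ok=True):
    return {b: classify_ap(b, s, wired_macs, wired_probe_ok) for b, s in observed.items()}

# Constructed scan results from a sensor: bssid -> advertised SSID
OBSERVED = {
    "00:11:22:33:44:55": "FTB-Corp",   # managed, on the wire
    "00:11:22:33:55:66": "FTB-Guest",  # managed, but its wired MAC is missing
    "66:77:88:99:aa:bb": "FTB-Corp",   # unknown BSSID using the FTB SSID
    "10:20:30:40:50:60": "HomeNet",    # neighbour AP, not on FTB's LAN
    "a0:b0:c0:d0:e0:f1": "LinkSys",    # consumer AP whose wired MAC is on FTB's LAN
}
# Constructed MAC table pulled from FTB switches
WIRED_MACS = {"00:11:22:33:44:50", "a0:b0:c0:d0:e0:f0", "3c:3c:3c:01:02:03"}
```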


4.0 Intrusion Prevention

4.1 The WIPS system must be capable of automatic prevention

4.2 The WIPS system must prevent the following types of rogue APs:

4.2.1 Layer-2 unencrypted and Layer-2 encrypted (WEP, WPA and WPA2)

4.2.2 NAT-unencrypted and NAT-encrypted (WEP, WPA and WPA2)

4.2.3 Ability to provide a footprint of an OS such as Windows 7, XP and Linux

The WIPS system must prevent FTB wireless clients from hopping between Multipot APs

The WIPS system must prevent an unapproved smart device from connecting to an FTB AP. Only FTB-provided smart devices must be allowed to connect to FTB authorized APs

4.2.4 Smartphones, tablets and other Wi-Fi enabled devices tethering when connected to the FTB network

4.3 The WIPS system must prevent connections to mis-configured FTB authorized APs

4.4 The WIPS system must prevent an FTB wireless client from connecting to an unauthorized AP. The AP can be an AP external to the FTB network and/or a rogue AP

4.5 The WIPS system must prevent an outside client trying to connect to the FTB WLAN

4.6 The WIPS system must prevent an ad hoc connection

4.7

4.8

4.9 The WIPS system must prevent masquerading attacks (APs, clients)

4.10 The WIPS system must prevent Honey Pot (aka “Evil-Twin”) attacks

4.11 The WIPS system must prevent Multipot APs

4.12 The WIPS system must prevent AP MAC spoofing attacks across multiple locations and VLANs

4.13 The WIPS system must prevent any Layer-2 based wireless Denial of Service (DoS) attacks

4.14 The WIPS system must NOT affect the operation of an external (i.e. neighbor's) or managed access point while preventing a rogue AP on the same channel

4.15 The WIPS system must allow a manual override for Intrusion Prevention

4.16 A single sensor must simultaneously block any attacks (as listed above) and continue to scan for and detect new vulnerabilities

4.17 The WIPS system must prevent aggressive client connections

4.18 A single sensor must simultaneously block multiple threats on multiple channels

4.19 The WIPS system must be able to block wireless communications from an FTB client bridging its wired and wireless interfaces


5.0 Threat Location and Real-time RF Visualization

5.1 The WIPS system must provide real-time RF coverage maps of the detection and protection ranges of the deployed sensors

5.2 The WIPS system must provide real-time RF coverage maps for the managed APs to help estimate RF leakage

5.3 The WIPS system must be able to locate APs on live coverage maps

5.4 The WIPS system must be able to locate clients (including ad hoc clients) on live coverage maps


6.0 Reporting and Notification

6.1 The WIPS system must provide a notification mechanism via email and Syslog messages for critical security breaches (e.g. a new rogue AP found)

6.2 The WIPS system must send notifications based on location and alarm type

6.3 The WIPS system must support the addition of tags and notes to devices, with the ability to footprint devices and keep notes for future reference

6.4 The WIPS system must support the addition of acknowledgement notes to system alerts

6.5 The WIPS system must provide a device summary report (for APs, sensors and clients) per location

6.6 The WIPS system must provide an event summary report

6.7 The WIPS system must categorize events by location (for ease of management)

6.8 The WIPS system must allow customization of existing reports and creation of new reports by the end user

6.9 The WIPS system must be able to send logs to Envision (RSA-Saalt)


7.0 High Availability and Failover

7.1 The sensors must keep working when not connected to the central server/appliance, implementing local security policies, with the ability to queue events during down time


8.0 Centralized Management

8.1 The WIPS system must have a network-wide Dashboard

8.2 The WIPS system must have a location-specific Dashboard

8.3 The WIPS system must support multiple, configurable user roles

8.4 The WIPS system must use directory management (e.g. Active Directory) to define user access

8.5 The WIPS system must support Simple Network Management Protocol (SNMP) traps for Network Management Systems

8.6 The WIPS system must support a central policy for deploying sensors in remote and district offices over any WAN link

8.7 The WIPS system must aggregate all alerts related to a particular threat together


9.0 Wi-Fi Performance Monitoring and Forensics

9.1 The WIPS system must provide detailed performance statistics for WLAN equipment (statistics related to bandwidth, coverage etc.) and must not be tied to specific WLAN vendors

9.1.1 The WIPS system must provide graphical details of WLAN utilization, average data rate, WLAN traffic etc. on a per-AP basis

9.1.2 The WIPS system must provide the current list of clients connected to each AP

9.1.3 The WIPS system must provide the current list of clients connected to each AP and its history

9.1.4 The WIPS system must be able to retain events for 3 years, accessible in real time


10.0 Quarterly Wireless Vulnerability Assessment

10.1 The vendor must provide detailed reports, which include the wireless vulnerabilities found and detailed remediation steps

10.2 The vendor must provide technical support during the remediation process
