Jumaat, 17 Oktober 2008

What Is Blacklisting?

Blacklisting prevents a wireless client from associating with any AP in the network for a specified amount of time. If a client is connected to the network when it is blacklisted, a deauthentication message is sent to force the client to disconnect. While blacklisted, the client cannot associate with another SSID in the network. The authorize SSID for IIUM community (staff and student) is iium-community.

Methods Of Blacklisting

If the system find out that the client fails to successfully authenticate for a configured number of times for a specified authentication method. The client is automatically blacklisted. The Aruba controller deploys the detection method of a denial of service (DoS) or man in the middle (MITM) attack in the network. If the user attempt to launch DoS and MITM attack in the wireless environment in IIUM, they will immediately being blacklisted by the controller.

Duration Of Blacklisting

IT Division can configure the duration that clients are blacklisted.

For clients that are blacklisted due to authentication failure. By default, this is set to 0 (the client is blacklisted indefinitely).

For clients that are blacklisted due to other reasons, including manual blacklisting. By default, this is set to 3600 seconds (one hour). But, ITD can set this to 0 to blacklist clients indefinitely.

Considerations When Blacklisting Clients

Blacklisting clients allows the administrator to allow the network infrastructure to handle policy enforcement. Blacklisted users will be completely disconnected from the wireless network, so some care should be exercised when applying the blacklist rule to users. Commonly this rule is used to protect the network from devices running weak encryption (not supproting WPA, WPA2 athentication method), such as scanner guns and wireless phones. It can also be used to secure sensitive IIUM wireless network infrastructure from users and especially guests or contractors, or to prevent hacking attempts

Source