Skip to main content
Support

Wireless > WIDS

Evan L'Heureux
  • Updated

Who can use this feature?

  • Any user with read-only or greater permissions

What is WIDS?

WIDS (Wireless Intrusion Detection System) helps protect your network by continuously monitoring for wireless security threats. It detects and alerts you to potential security risks in real-time. Currently, it detects:

  1. Honeypot SSIDS: External SSIDs broadcasting with identical names (Honeypot SSIDs) to the ones on your network.
  2. Rogue access points: Non-Meter access points that may be connected to the Meter network.

WIDS is built into every Meter Network and does not need to be enabled.

Accessing WIDS

WIDS can be found under Network > Wireless > WIDS.

Rouge APs

Rogue APs are wireless access points that are connected to the Meter network, broadcasting an SSID. These are discovered by comparing BSSIDs seen by Meter Access points to MAC addresses in Meter Switch MAC tables. Matches will show as a Rogue AP. Here is an example of this detection:

Clicking on the drop-down next to the Vendor information will reveal more details. If a Rogue AP is detected, the MAC address and Meter switch connection will be listed.

Each Meter access point that detects the Rogue AP will also be listed along with the SNR value to identify proximity. Higher SNR indicates that the rogue device is likely closer to that specific Meter access point.

It is important to note that not all ‘Rogue’ APs are malicious or will cause issues on the network. In this screenshot, a printer is being detected as a Rogue AP. This is likely expected and not harmful to the network. Adding this device to the Allowlist will prevent this device from being flagged as a Rogue AP.

Honeypot SSIDs

Honeypot SSIDs are unknown access points broadcasting identical SSIDs (the Wi-Fi network name) close enough to the Meter network that Meter APs can detect their signal. A honeypot SSID can be broadcast from a Rogue AP, but it can also be broadcast from an AP not connected to the Meter network. If a honeypot SSID is detected, it will be displayed here:

The list contains all detected Honeypot SSIDs. Clicking on one will show the Broadcasters or the device from which the SSID is originating. Clicking on a Broadcaster will list the Meter APs that detected the honeypot SSID:

Similar to Rogue APs, the SNR is also listed here. The Broadcaster will likely be closest to the Meter AP that is showing the highest SNR.

Allowlist

If you are actively monitoring for Rogue APs or Honeypot SSIDs, and getting alerts for a known safe device, the llowlist can be used to mark these APs or SSIDs as ‘safe’ and prevent alerts from firing.

Rogue APs can be added to the Allowlist using the ‘Actions’ menu:

Similarly, Honeypot SSIDs can be added in the same way:

Click on the Allowlist tab to view any allowed Rogue APs or SSIDs that may already exist. Click on an individual entry to edit or delete it with the Actions menu:

 

Allowlist entries can also be created manually by using the ‘Add entry’ button.

Enter the MAC address of the Rogue AP, or select an SSID to add to the Allowlist:


Alerting for Rogue APs or Honeypot SSIDs

Alerting for both Rogue APs and Honeypot SSIDs is available as separate triggers. See Settings > How to Configure Alerts.

If you have any questions about the WIDS or need further assistance, feel free to contact Meter Support at support@meter.com or submit a ticket at meter.com/support.

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.