Detecting Active Exploits
The controller supports three active exploit alarms that serve as notifications of potential threats. They are enabled by default and therefore require no configuration on the controller.
-
ASLEAP detection—The controller raises a trap event if an attacker launches a LEAP crack tool. The trap message is visible in the controller’s trap log.
-
Fake access point detection—The controller tweaks the fake access point detection logic to avoid false access point alarms in high-density access point environments.
-
Honeypot access point detection—The controller raises a trap event if a rogue access point is using managed SSIDs (WLANs configured on the controller). The trap message is visible in the controller’s trap log.