Wireless Intrusion Detection System (WIDS) in Fortinet’s Secure Wireless LAN (SWLAN) platform monitors for threats to the wireless environment and detects a range of attacks and misconfigurations.
The main threats detected by WIDS include:
Rogue access points: These are unauthorized APs plugged into the network, posing a security risk. WIDS scans and identifies any AP that is not part of the authorized network, flagging them as potential rogues.
Unauthorized wireless connections: WIDS can detect clients that connect to unauthorized or suspicious wireless networks, as well as unauthorized wireless devices attempting to connect to the network.
Analysis of Options:
A. Brute-force dictionary attacks:
WIDS does not specifically detect brute-force dictionary attacks against authentication. It focuses more on network topology threats and unauthorized devices.
B. Unauthorized wireless connection:
Correct. WIDS can detect unauthorized wireless connections, such as clients connecting to networks/APs that are not trusted.
C. Rogue access points:
Correct. Detecting rogue APs is a primary function of WIDS.
D. WPA2 authentication vulnerabilities:
WIDS does not specifically scan for cryptographic protocol vulnerabilities. It detects behavioral/network threats.
[References:, Official FortiOS 7.4 Administration Guide, WIDS/WIPS section: “WIDS can be configured to detect and alert on the presence of rogue APs, unauthorized wireless clients, and suspicious network activity.”, ]
