Wireless network IDS installation Step by Step

A Wireless Intrusion Detection System (WIDS) is an active network defense technology: it proactively collects information from network resources and internal systems and analyzes whether an attack is under way.
The following passage is quoted from Baidu Encyclopedia: "** To prevent rogue devices, the APs deployed to monitor the wireless space need to periodically detect wireless radio signals; ** the WIDS (Wireless Intrusion Detection System) uses these APs to learn the state of the wireless network equipment and takes appropriate preventive measures against rogue devices."
After reading the quote above you will understand why our network security focus here is on WiFi. Next we introduce the two working modes of a WIDS, both of which are important. The first uses the wireless LAN card in Monitor mode: at the data link layer it captures raw IEEE 802.11 frames and uses the frame header information for IDS analysis, detecting and authenticating WLAN access devices. The second uses the wireless card in Managed mode to capture packets in IEEE 802.3 (Ethernet) format at the network layer, which serves to detect authenticated hosts.
Adding a RADIUS (Remote Authentication Dial In User Service) server to the network enables mutual authentication between clients and the AP, which in turn isolates and detects rogue APs. Using the following example, the wireless network usage of a branch office can be sent to the SIEM server at headquarters for centralized monitoring and management.

1. Install the wireless network card

▶ Platform environment: OSSIM 4, USB wireless network card (chipset Realtek RTL8187).
The RTL8187 is easily recognised by Linux. Plug the wireless card into the server, then type the dmesg command at the console to view the card's chipset model, as shown in Figure 1-31. Alternatively, the command lsmod | grep usbcore also shows information about the USB card.
Figure 1-31 Detecting the wireless LAN chip
▶ Install the wireless debugging tools with the command shown below.
# apt-get install wireless-tools

After installing the wireless tools, use the iwconfig command to check the card you just added; it displays the corresponding device name. Here the wireless card's device is wlan0.
Enter the command iwconfig:
lo        no wireless extensions.
eth0      no wireless extensions.
wlan0     IEEE 802.11bg  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
          Retry long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

2. Set up a wireless network card

Once the debugging tools are installed, use the iwlist command to search for wireless network signals. First bring up the interface with the following command:
#ifconfig wlan0 up

Then let the wireless card scan the whole radio environment.
#iwlist wlan0 scanning

In this example we join the wireless network whose SSID is buff. To make debugging easier, do not hide the SSID of the wireless network. The commands are as follows:
#iwconfig wlan0 essid "buff"
#dhclient wlan0
Finally, after joining the WiFi network, the IP address is obtained dynamically via the DHCP client; check the address obtained with the ifconfig command. The detailed configuration of the wlan0 device is written to the file /etc/network/interfaces. Once the wireless network has been joined successfully, start setting up the wireless sniffer.
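As an added example (not part of the original post), the output of the iwlist scan above can be checked against a list of authorised BSSIDs to flag the kind of rogue AP the WIDS is meant to find; the scan text and the allow-list below are constructed sample data in the format iwlist prints, and the function names are my own.

```shell
#!/bin/sh
# Added example: report access points seen by "iwlist wlan0 scanning" whose
# BSSID is not on an allow-list of authorised APs (the WIDS "rogue WLAN" check).
# Assumption: the allow-list is a space-separated list of BSSIDs.

# Constructed sample scan output (cell 02 reuses the SSID "buff" on a second,
# unencrypted BSSID; cell 03 hides its SSID).
SCAN_SAMPLE='wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    ESSID:"buff"
                    Mode:Master
                    Channel:6
                    Encryption key:on
          Cell 02 - Address: 66:77:88:99:AA:BB
                    ESSID:"buff"
                    Mode:Master
                    Channel:11
                    Encryption key:off
          Cell 03 - Address: 0C:0D:0E:0F:10:11
                    ESSID:""
                    Mode:Master
                    Channel:1
                    Encryption key:on'

# Constructed allow-list: only the real "buff" AP is authorised.
AUTHORISED='00:11:22:33:44:55'

# rogue_aps AUTHORISED_LIST < scan_text
# Prints "BSSID ESSID chN enc=on|off" for every cell whose BSSID is not authorised.
rogue_aps() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a); for (i = 1; i <= n; i++) ok[toupper(a[i])] = 1 }
    function flush() {
        if (bssid != "" && !(toupper(bssid) in ok))
            printf "%s %s ch%s enc=%s\n", bssid, essid, chan, enc
        bssid = ""; essid = ""; chan = ""; enc = ""
    }
    /Address:/        { flush(); bssid = $NF }          # new cell starts here
    /ESSID:/          { sub(/.*ESSID:/, ""); gsub(/"/, "")
                        essid = ($0 == "") ? "<hidden>" : $0 }
    /Channel:/        { sub(/.*Channel:/, ""); chan = $0 }
    /Encryption key:/ { sub(/.*key:/, ""); enc = $0 }
    END { flush() }'                                      # report the last cell
}

# Run the check over the sample scan.
scan_rogues() { printf '%s\n' "$SCAN_SAMPLE" | rogue_aps "$AUTHORISED"; }
scan_rogues
```

On a live sensor, replace the sample with `iwlist wlan0 scanning | rogue_aps "$AUTHORISED"`.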

3. Install Kismet

Kismet is a handy wireless network scanner that finds rogue WLANs by detecting the surrounding wireless signals. Here it is used to scan the wireless network.
#apt-get update // update the package sources
#apt-get install kismet // install Kismet

4. Configure Kismet

① Edit the file /etc/kismet/kismet.conf, find the line beginning with "source=", change it to source=rtl8187,wlan0,wlan0-wids, then save and exit. Here rtl8187 is the device driver, wlan0 the network card device name, and wlan0-wids a descriptive label.
logdefault=192.168.11.10 // IP of the OSSIM sensor
logtemplate=/var/log/kismet/%n_%D-%i.%l

② Create a new file wids_alienvault.sh in the /etc/init.d/ directory.
#vi wids_alienvault.sh

Add the following two lines to it:
#!/bin/sh
/usr/bin/kismet_server -l xml -t kismet -f /etc/kismet/kismet.conf 2>&1 | logger -t kismet -p local7.1

③ Give the script file execute permission.
#chmod 755 /etc/init.d/wids_alienvault.sh

④ Add the line "/etc/init.d/wids_alienvault.sh" as the second-to-last line of the /etc/rc.local script (that is, above the exit 0 statement).
⑤ At the OSSIM console enter the ossim-setup command, choose Change Sensor Settings, then Enable/Disable detector plugins, select kismet, save and exit; the system then prompts to reconfigure. In the background the system adds the kismet option to the file /etc/ossim/ossim_setup.conf.
⑥ Modify the Kismet plugin configuration file.
#vi /etc/ossim/agent/plugins/kismet.cfg

Find the line location=/var/log/syslog and change it to the following.
location=/var/log/kismet.log

⑦ Automate the log collection.
#vi /etc/cron.hourly/kismet

Add the following two lines to it:
#!/bin/bash
/usr/bin/perl /usr/share/ossim/www/wireless/fetch_kismet.pl

Then edit the IP address carried by sites in the script /usr/share/ossim/www/wireless/fetch_kismet.pl.
#vi /usr/share/ossim/www/wireless/fetch_kismet.pl

Find the line $location=$sites{$ip} and change it to $sites{'192.168.11.10'}='/var/log/kismet'. The IP here is the wireless sensor's IP address.
If the configuration succeeded, entering the kismet command at the command line displays the welcome screen shown in Figure 1-32.
Figure 1-32 Kismet interface

5. Configure Rsyslog

Create a new file wids_alienvault.conf in the /etc/rsyslog.d/ directory and add the following content to it:
*.* @192.168.11.10 // this IP is the OSSIM server's IP address

Then restart the Rsyslog service. You can now verify the result with the command tail -f /var/log/kismet.log.

6. Configure the OSSIM wireless sensor

In the OSSIM Web UI go to the menu DEPLOYMENT → SYSTEM CONFIGURATION, configure SENSORS, and enter the wireless card name wlan0 and the IP address 192.168.11.10; make sure the kismet service is loaded correctly. The configuration screen is shown in Figure 1-33.
In the sensor configuration options, add wlan0 as the listening interface and 192.168.11.0/24 as the monitored network. Note that the OSSIM plugins Prads, Snort, Ntop and OSSEC must be in the UP state, as shown in Figure 1-34.

Figure 1-33 Wireless sniffer configuration
Figure 1-34 Configuring the wireless network card
You can verify the mode under the wireless LAN Network option, as shown in Figure 1-35.
Figure 1-35 Wireless LAN mode
Finally, configure the Analysis → Detection → Wireless IDS sub-menu in the Web UI. Note that on first entering this screen no Location information is found; in that case click the Setup button in the top right corner and add a new Location, namely the wlan0 [192.168.11.10] configured above, as shown in Figure 1-36.
Figure 1-36 Set Location
Besides the command-line wireless sniffer, the OSSIM system also provides Web-based management tools. After the WIDS is set up, neighbouring wireless signals are discovered, as shown in Figure 1-37.
Figure 1-37 Wireless signals found
After starting the wireless sniffer, view the Kismet log information sent to the OSSIM SIEM console, as shown in Figure 1-38.
Figure 1-38 Viewing the Kismet log in the SIEM
Once the logs sent by Kismet are received in the SIEM console, the setup has succeeded.

Reading note: sensitive words in this article have been replaced with **; please substitute them yourself as you read.


Source: blog.51cto.com/chenguang/2433851