Systems and methods for detecting network security deficiencies on endpoint devices
Abstract
The disclosed computer-implemented method for detecting network security deficiencies on endpoint devices may include (i) detecting, at a network device, a request from an endpoint device to automatically connect to a wireless network, (ii) establishing, via the network device, a network connection between the endpoint device and a wireless network that appears to be the wireless network requested by the endpoint device but is not actually the requested wireless network, (iii) determining, based on establishing the network connection between the endpoint device and the wireless network that appears to be the requested wireless network, that the endpoint device is vulnerable to network attacks, and then (iv) facilitating, via the network connection, a security action on the endpoint device to protect the endpoint device against the network attacks. Various other methods, systems, and computer-readable media are also disclosed.
16 Claims
1. A computer-implemented method for detecting network security deficiencies on endpoint devices, at least a portion of the method being performed by a network device comprising at least one processor, the method comprising:
- intercepting, at the network device, a request from an endpoint device to automatically connect to a wireless network;
- evaluating whether the endpoint device is vulnerable to network attacks involving attempts to connect the endpoint device to illegitimate networks by:
  - extracting, from the request, a network identifier of the wireless network requested by the endpoint device;
  - creating, by the network device, a wireless network that appears to be the wireless network requested by the endpoint device but is not actually the requested wireless network;
  - indicating that the wireless network that appears to be the requested wireless network is available to the endpoint device by sending, to the endpoint device from the network device, a response that contains the network identifier of the requested wireless network;
  - determining that the endpoint device establishes a network connection to the wireless network that appears to be the requested wireless network; and
  - determining, based on the endpoint device establishing the network connection to the wireless network that appears to be the requested wireless network, that the endpoint device is vulnerable to the network attacks; and
- directing, via the network connection, a user of the endpoint device to increase network security protocols on the endpoint device by at least one of:
  - preventing the endpoint device from automatically attempting to connect to the requested wireless network; and
  - removing the requested wireless network from a list of trusted wireless networks that indicates wireless networks to which the endpoint device automatically attempts to connect.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A system for detecting network security deficiencies on endpoint devices, the system comprising:
- a detection module, stored in memory, that is configured to intercept, at a network device, a request from an endpoint device to automatically connect to a wireless network;
- a connection module, stored in memory, that is configured to evaluate whether the endpoint device is vulnerable to network attacks involving attempts to connect the endpoint device to illegitimate networks by:
  - extracting, from the request, a network identifier of the wireless network requested by the endpoint device;
  - creating, by the network device, a wireless network that appears to be the wireless network requested by the endpoint device but is not actually the requested wireless network;
  - indicating that the wireless network that appears to be the requested wireless network is available to the endpoint device by sending, to the endpoint device from the network device, a response that contains the network identifier of the requested wireless network; and
  - determining that the endpoint device establishes a network connection to the wireless network that appears to be the requested wireless network;
- a determination module, stored in memory, that is configured to determine, based on the endpoint device establishing the network connection to the wireless network that appears to be the requested wireless network, that the endpoint device is vulnerable to the network attacks;
- a security module, stored in memory, that is configured to direct, via the network connection, a user of the endpoint device to increase network security protocols on the endpoint device by at least one of:
  - preventing the endpoint device from automatically attempting to connect to the requested wireless network; and
  - removing the requested wireless network from a list of trusted wireless networks that indicates wireless networks to which the endpoint device automatically attempts to connect; and
- at least one hardware processor configured to execute the detection module, the connection module, the determination module, and the security module.

Dependent claims: 10, 11, 12, 13, 14, 15.

16. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a network device, cause the network device to:
- intercept, at the network device, a request from an endpoint device to automatically connect to a wireless network;
- evaluate whether the endpoint device is vulnerable to network attacks involving attempts to connect the endpoint device to illegitimate networks by:
  - extracting, from the request, a network identifier of the wireless network requested by the endpoint device;
  - creating, by the network device, a wireless network that appears to be the wireless network requested by the endpoint device but is not actually the requested wireless network;
  - indicating that the wireless network that appears to be the requested wireless network is available to the endpoint device sending, to the endpoint device from the network device, a response that contains the network identifier of the requested wireless network;
  - determining that the endpoint device establishes a network connection to the wireless network that appears to be the requested wireless network; and
  - determining, based on the endpoint device establishing the network connection to the wireless network that appears to be the requested wireless network, that the endpoint device is vulnerable to the network attacks; and
- direct, via the network connection, a user of the endpoint device to increase network security protocols on the endpoint device by at least one of:
  - preventing the endpoint device from automatically attempting to connect to the requested wireless network; and
  - removing the requested wireless network from a list of trusted wireless networks that indicates wireless networks to which the endpoint device automatically attempts to connect.

Specification