Systems and methods for network vulnerability assessment and protection of Wi-fi networks using a cloud-based security system
First Claim
1. A method assessing Wi-Fi network vulnerability and enforcing policy based thereon in a cloud-based security system, the method comprising:
- obtaining and storing security risk scores for a plurality of Wi-Fi networks based in part on analysis of physical properties of the plurality of Wi-Fi networks performed by user equipment in range of each of the plurality of Wi-Fi networks, the physical properties comprising at least one of Service Set Identifier (SSID), Dynamic Host Configuration Protocol (DHCP) options, geolocation, security protocol and encryption standards, and router properties;
detecting user equipment associated with the cloud-based security system either desiring to connect to or establishing a connection to a Wi-Fi network;
obtaining a security risk score of the Wi-Fi network from the user equipment associated with the cloud-based security system via one of a separate wireless network and the Wi-Fi network; and
enforcing policy for the user equipment associated with the cloud-based security system based on the obtained security risk score of the Wi-Fi network.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods of assessing Wi-Fi network vulnerability and enforcing policy based thereon in a cloud-based security system include obtaining and storing security risk scores for a plurality of Wi-Fi networks based in part on analysis performed by user equipment in range of each of the plurality of Wi-Fi networks; detecting user equipment associated with the cloud-based security system either desiring to connect to or already connected to a Wi-Fi network; obtaining a security risk score of the Wi-Fi network; and enforcing policy for the user equipment based on the obtained security risk score of the Wi-Fi network.
-
Citations
18 Claims
-
1. A method assessing Wi-Fi network vulnerability and enforcing policy based thereon in a cloud-based security system, the method comprising:
-
obtaining and storing security risk scores for a plurality of Wi-Fi networks based in part on analysis of physical properties of the plurality of Wi-Fi networks performed by user equipment in range of each of the plurality of Wi-Fi networks, the physical properties comprising at least one of Service Set Identifier (SSID), Dynamic Host Configuration Protocol (DHCP) options, geolocation, security protocol and encryption standards, and router properties; detecting user equipment associated with the cloud-based security system either desiring to connect to or establishing a connection to a Wi-Fi network; obtaining a security risk score of the Wi-Fi network from the user equipment associated with the cloud-based security system via one of a separate wireless network and the Wi-Fi network; and enforcing policy for the user equipment associated with the cloud-based security system based on the obtained security risk score of the Wi-Fi network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A cloud node in a cloud-based security system configured to assess Wi-Fi network vulnerability and enforce policy based thereon, the cloud node comprising:
-
a network interface; a processor communicatively coupled to the network interface; and memory storing instructions that, when executed, cause the processor to; obtain and store security risk scores for a plurality of Wi-Fi networks based in part on analysis of physical properties of each of the plurality of Wi-Fi networks performed by user equipment in range of each of the plurality of Wi-Fi networks, the physical properties comprising at least one of Service Set Identifier (SSID), Dynamic Host Configuration Protocol (DHCP) options, geolocation, security protocol and encryption standards, and router properties; detect user equipment associated with the cloud-based security system either desiring to connect to or establishing a connection to a Wi-Fi network; obtain a security risk score of the Wi-Fi network from the user equipment associated with the cloud-based security system via one of a separate wireless network and the Wi-Fi network; and enforce policy for the user equipment associated with the cloud-based security system based on the obtained security risk score of the Wi-Fi network. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A cloud-based security system configured to assess Wi-Fi network vulnerability and enforce policy based thereon, the cloud-based security system comprising:
-
one or more cloud nodes; and a central authority communicatively coupled to the one or more cloud nodes, wherein the one or more cloud nodes are configured to obtain security risk scores for a plurality of Wi-Fi networks based in part on analysis of physical properties of each of the plurality of Wi-Fi networks performed by user equipment in range of each of the plurality of Wi-Fi networks and provide to the central authority, the physical properties comprising at least one of Service Set Identifier (SSID), Dynamic Host Configuration Protocol (DHCP) options, geolocation, security protocol and encryption standards, and router properties; detect user equipment associated with the cloud-based security system either desiring to connect to or establishing a connection to a Wi-Fi network; obtain a security risk score of the Wi-Fi network from the user equipment associated with the cloud-based security system via one of a separate wireless network and the Wi-Fi network; and
enforce policy for the user equipment associated with the cloud-based security system based on the obtained security risk score of the Wi-Fi network.
-
Specification