Method and system for actively defending a wireless LAN against attacks
Abstract
A wireless network security system including a system data store capable of storing network default and configuration data, a wireless transmitter and a system processor. The system processor performs a network security method. An active defense request signal is received, typically from an intrusion detection system. The received request signal includes an indicator of an access point within the wireless computer network that is potentially compromised. In response to the received request signal, an active defense of the wireless network is triggered. The triggered active defense may be one or more of transmitting a jamming signal, transmitting a signal to introduce CRC errors, transmitting a signal to increase the difficulty associated with breaking the network encryption (typically by including in the signal packets appearing legitimate but containing randomized payloads), or transmitting a channel change request to the potentially compromised access point.
23 Claims
1. A network security system, the system comprising:
a) a system data store capable of storing network default and configuration data;
b) a wireless transmitter capable of transmitting communications over a wireless computer network;
c) a system processor comprising one or more processing elements, wherein the system processor is in communication with the system data store and the wireless transmitter and wherein the system processor is programmed or adapted to perform the steps comprising of;
i) receiving an active defense request signal, wherein the request signal comprises an indicator corresponding to a potentially compromised access point in the wireless computer network; and
ii) responsive to the received request signal, triggering one or more of the following defensive actions;
1) transmitting a signal via the wireless transmitter to jam communications targeted at the potentially compromised access point;
2) transmitting a signal via the wireless transmitter to corrupt communications targeted at the potentially compromised access point by introducing CRC errors;
3) transmitting a signal via the wireless transmitter to increase difficulty associated with breaking of encryption associated with the wireless computer network and the potentially compromised access point, wherein the signal includes packets emulating legitimate traffic but with randomized payloads;
or 4) transmitting a channel change request communication via the wireless transmitter to the potentially compromised access point.
21. A network security method, the method comprising the steps of:
a) receiving configuration information comprising network configuration and default data from a configuration file, an interactive data entry interface or a command line interface or from monitoring a wireless computer network;
b) receiving an active defense request signal from an intrusion detection system, wherein the received request signal comprises an access point indicator corresponding to a potentially compromised access point in the wireless computer network and a risk indicator;
c) responsive to the received request signal, selecting one or more defensive actions based upon the received request signal from the group consisting of;
i) transmitting a signal to jam communications targeted at the potentially compromised access point;
ii) transmitting a signal to corrupt communications targeted at the potentially compromised access point by introducing CRC errors;
iii) transmitting a signal to increase difficulty associated with breaking of encryption associated with the wireless computer network and the potentially compromised access point, wherein the signal comprises packets emulating legitimate traffic but with randomized payloads; and
iv) transmitting a channel change request communication to the potentially compromised access point; and
d) triggering the selected one or more defensive actions; and
e) identifying a node or location associated with a potential intruder interacting with the potentially compromised access point.
23. A network security system, the system comprising:
a) storing means for receiving and storing configuration information comprising network configuration and default data;
b) wireless receiving means for receiving communications transmitted over the wireless communication network;
c) wireless transmitting means for transmitting communications over the wireless communication network;
d) defense request receiving means for receiving an active defense request signal from an intrusion detection system, wherein the received request signal comprises an access point indicator corresponding to a potentially compromised access point in the wireless computer network and a risk indicator;
e) active defense means for selecting one or more defensive actions based upon a received request signal received by the defense request receiving means from the group consisting of;
i) transmitting a signal via the wireless transmitting means intended to jam communications targeted at the potentially compromised access point;
ii) transmitting a signal via the wireless transmitting means to corrupt communications targeted at the potentially compromised access point by introducing CRC errors;
iii) transmitting a signal via the wireless transmitting means to increase difficulty associated with breaking of encryption associated with the wireless computer network and the potentially compromised access point, wherein the signal includes packets emulating legitimate traffic but with randomized payloads; and
iv) transmitting a channel change request communication to the potentially compromised access point via the wireless transmitting means; and
for triggering the selected one or more defensive actions; and
f) mapping means for identifying a node or location associated with a potential intruder interacting with the potentially compromised access point.
Specification