Systems and methods for network security
Abstract
A network security system includes a system data store capable of storing a variety of data associated with a wireless computer network and communications transmitted thereon, a communication interface supporting communication over a communication channel, and a system processor. Data corresponding to communications transmitted over the wireless computer network are received. One or more tests are applied to the received data to determine whether a particular communication represents a potential security violation. An alarm may be generated based upon the results of the applied test or tests.
29 Claims
1. A network security system, the system comprising:
a) a system data store capable of storing risk criteria data, network default data, and network performance and usage data;
b) a first communication interface comprising a receiver that receives inbound communications from a communication channel associated with the communication interface;
c) a system processor comprising one or more processing elements, wherein the system processor is in communication with the system data store and wherein the system processor is programmed or adapted to perform the steps comprising:
i) receiving data corresponding to a frame transmitted over a wireless computer network and the signal used to transmit the frame via the communication interface;
ii) detecting a violation by applying a plurality of tests that each compare the received data with data in the system data store or information derived therefrom;
iii) generating an alarm signal if a violation was detected.
Dependent claims: 2 to 26.
27. A network security method, the method comprising the steps of:
a) receiving configuration information comprising one or more risk criteria, network default data, network policy, performance and usage data from a configuration file, an interactive data entry interface or a command line;
b) receiving data corresponding to a frame transmitted over a wireless computer network and the signal used to transmit the frame;
c) updating a database containing data corresponding to stations in the wireless computer network based upon the received data;
d) updating state information associated with the wireless computer network based upon the received data;
e) if a statistical interval has ended based upon the received data or a fixed time interval, updating a database of statistics associated with the wireless computer network;
f) testing the received data to determine if it represents a signature violation by comparing the received data with configuration information or information derived therefrom;
g) testing the received data to determine if it represents a protocol violation by comparing the received data with configuration information or information derived therefrom;
h) testing the received data to determine if it represents a statistical anomaly by comparing the received data with configuration information, information derived therefrom or information in the database of statistics associated with the wireless computer network;
i) testing the received data to determine if it represents a policy violation by comparing the received data with configuration information or information derived therefrom;
j) generating an alarm signal if the received data represents a signature violation, a protocol violation, a statistical anomaly or a policy violation, wherein the generated alarm signal comprises a type and a severity;
k) in response to the generated alarm, i) notifying an administrator of the generated alarm, its type and its severity; or
ii) actively defending the wireless computer network based upon the generated alarm's type and severity by:
1) jamming wireless transmissions;
2) CRC errors;
3) transmitting frames comprising random data;
4) locking-down the wireless computer network; or
5) activating a honeypot defense by:
(a) from the received data, determining the channel used for transmitting the signal, an access point to which the signal was directed and a station originating the signal;
(b) reconfiguring the access point and authorized stations to communicate using a channel other than the determined channel; and
(c) interacting with the station originating the signal using the determined channel; and
l) mapping station identity; and
m) mapping station location.
Dependent claim: 28.
29. A network security system, the system comprising:
a) storing means for receiving and storing risk criteria data, network default data, and network performance and usage data;
b) configuration means for receiving configuration information and forwarding the received configuration information to the storing means;
c) frame data receiving means for receiving data corresponding to a frame transmitted over a wireless computer network and the signal used to transmit the frame;
d) database update means for transferring updated data to the storing means based upon data received by the frame data receiving means;
e) testing means for applying a plurality of tests to data received by the frame data receiving means, wherein each of the plurality of tests is of a type selected from the group consisting of signature test, protocol test, statistical anomaly test and policy test and wherein each test compares data received by the frame data receiving means with data in the storing means or information derived therefrom;
f) alarm means for generating an alarm signal if the data received by the frame data receiving means represents a signature violation, a protocol violation, a statistical anomaly or a policy violation as determined by the testing means, wherein the generated alarm signal comprises a type and a severity;
g) notification means for notifying an administrator of an alarm generated by the alarm means, its type and its severity;
h) active defense means for actively defending the wireless computer network based upon the type and severity of an alarm generated by the alarm means by:
i) jamming wireless transmissions;
ii) CRC errors;
iii) transmitting frames comprising random data;
iv) locking-down the wireless computer network; or
v) activating a honeypot defense by:
1) from the received data, determining the channel used for transmitting the signal, an access point to which the signal was directed and a station originating the signal;
2) reconfiguring the access point and authorized stations to communicate using a channel other than the determined channel; and
3) interacting with the station originating the signal using the determined channel; and
i) mapping means for mapping station identity or location.
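The method of claim 27 and its means-plus-function restatement in claim 29 describe one pipeline: receive frame and signal data, update the station database and association state, roll a statistics interval, run signature, protocol, statistical-anomaly and policy tests, raise an alarm carrying a type and a severity, then either notify an administrator or respond actively, including the channel-switching honeypot. The Python below is an added illustration of that pipeline written for this page; it is not code from the patent or its assignee. The frame layout, the four test rules, the thresholds, the severity mapping, the replacement-channel choice and the capture it processes are all constructed assumptions.

```python
# Added illustration of the claimed WIDS pipeline, not the patent's code; frame layout, tests,
# thresholds, severities, channel plan and the sample capture are assumptions.
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Frame:  # data corresponding to a received frame and to the signal that carried it (rssi, channel)
    ts: float; src: str; dst: str; bssid: str; channel: int; subtype: str; rssi: int


CONFIG = {  # configuration information (claim 27 a); constructed values
    "authorized_aps": {"00:11:22:33:44:01": 6},  # bssid -> sanctioned channel
    "authorized_stations": {"aa:bb:cc:00:00:01"},
    "deauth_threshold": 5, "anomaly_sigma": 3.0, "interval": 10.0,  # per interval / z-score / seconds
}
SEVERITY = {"signature": "high", "protocol": "high", "statistical": "medium", "policy": "medium"}


class WirelessIDS:
    def __init__(self, cfg=CONFIG):
        self.cfg = cfg
        self.stations = {}                            # station database (claim 27 c)
        self.associated = set()                       # state: stations that completed association (27 d)
        self.counts, self.deauths = defaultdict(int), defaultdict(int)  # current-interval counters
        self.history = defaultdict(list)              # statistics database: past interval counts (27 e)
        self.interval_start, self.seen = None, set()  # seen: (type, src, interval) already alarmed
        self.alarms, self.notifications, self.defenses = [], [], []

    def feed(self, frames):
        for f in frames:
            self.process(f)
        return self

    def process(self, f):
        self.stations[f.src] = {"last_seen": f.ts, "channel": f.channel, "rssi": f.rssi}
        if f.subtype == "assoc-resp" and f.bssid in self.cfg["authorized_aps"]:
            self.associated.add(f.dst)
        if self.interval_start is None:
            self.interval_start = f.ts
        elif f.ts - self.interval_start >= self.cfg["interval"]:
            self._roll_interval(f.ts)
        self.counts[f.src] += 1
        if f.subtype == "deauth":
            self.deauths[f.src] += 1
        for kind, test in (("signature", self._signature), ("protocol", self._protocol),
                           ("statistical", self._statistical), ("policy", self._policy)):
            detail = test(f)
            if detail:
                self._alarm(kind, detail, f)

    def _roll_interval(self, now):  # end of a statistics interval: bank the counts, start afresh
        for src, n in self.counts.items():
            self.history[src].append(n)
        self.counts, self.deauths = defaultdict(int), defaultdict(int)
        self.interval_start = now

    def _signature(self, f):  # known attack pattern: deauthentication flood
        if f.subtype == "deauth" and self.deauths[f.src] > self.cfg["deauth_threshold"]:
            return f"deauth flood from {f.src}"

    def _protocol(self, f):  # 802.11 state violation: data frame before any association
        if f.subtype == "data" and f.src not in self.associated:
            return f"data frame from {f.src} without prior association"

    def _statistical(self, f):  # rate far above this station's own per-interval baseline
        hist = self.history[f.src]
        if len(hist) >= 3 and self.counts[f.src] > mean(hist) + self.cfg["anomaly_sigma"] * max(pstdev(hist), 1.0):
            return f"{self.counts[f.src]} frames from {f.src} this interval, baseline {mean(hist):.1f}"

    def _policy(self, f):  # site policy: only sanctioned APs, only on their sanctioned channel
        aps = self.cfg["authorized_aps"]
        if f.subtype == "beacon" and f.bssid not in aps:
            return f"rogue AP {f.bssid} beaconing on channel {f.channel}"
        if f.subtype == "beacon" and aps[f.bssid] != f.channel:
            return f"AP {f.bssid} on channel {f.channel}, sanctioned channel is {aps[f.bssid]}"

    def _alarm(self, kind, detail, f):
        key = (kind, f.src, self.interval_start)
        if key in self.seen:  # one alarm per type, source and interval
            return
        self.seen.add(key)
        alarm = {"type": kind, "severity": SEVERITY[kind], "detail": detail}
        self.alarms.append(alarm)
        if alarm["severity"] == "high":  # high severity: active defense, here the honeypot plan
            self.defenses.append(self._honeypot_plan(f))
        else:                            # otherwise notify the administrator
            self.notifications.append(alarm)

    def _honeypot_plan(self, f):
        # (a) channel, targeted AP and originating station come from the received data; (b) move the AP
        # and authorized stations to another channel; (c) keep engaging the attacker on the old one.
        new_channel = next(c for c in (1, 6, 11) if c != f.channel)  # assumed channel plan
        return {"attacker": f.src, "target_ap": f.bssid, "old_channel": f.channel, "move_to": new_channel,
                "move": [f.bssid, *sorted(self.cfg["authorized_stations"])], "decoy_on": f.channel}


def sample_frames():  # constructed capture: quiet baseline, then deauth flood, rogue AP, stray sender, spike
    ap, sta, evil, rogue = "00:11:22:33:44:01", "aa:bb:cc:00:00:01", "de:ad:be:ef:00:01", "00:11:22:33:44:99"
    frames = [Frame(0.0, ap, sta, ap, 6, "assoc-resp", -50)]
    for i in range(3):  # three quiet intervals with two data frames each
        frames += [Frame(i * 10.0 + k, sta, ap, ap, 6, "data", -50) for k in range(2)]
    frames += [Frame(30.0 + 0.1 * k, evil, sta, ap, 6, "deauth", -70) for k in range(7)]
    frames += [Frame(31.0, rogue, "ff:ff:ff:ff:ff:ff", rogue, 6, "beacon", -60),
               Frame(32.0, "cc:cc:cc:00:00:09", ap, ap, 6, "data", -55)]
    frames += [Frame(33.0 + 0.1 * k, sta, ap, ap, 6, "data", -50) for k in range(12)]
    return frames
```

Running `WirelessIDS().feed(sample_frames())` yields four alarms in capture order: a high-severity signature alarm for the deauthentication flood, a medium-severity policy alarm for the rogue beacon, a high-severity protocol alarm for the station sending data without having associated, and a medium-severity statistical alarm once the legitimate station's frame count exceeds its three-interval baseline. The two high-severity alarms each produce a honeypot plan naming the attacker, the targeted access point, the channel to vacate and the channel to move the authorized equipment to; the two medium ones go to the notification queue. The per-type, per-source, per-interval deduplication matters in practice: without it a flood of 10,000 deauth frames produces 10,000 alarms.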
Specification