System and method for wireless local area network monitoring and intrusion detection
Abstract
The present invention provides a system and method for providing real-time wireless network monitoring and intrusion detection. The present invention profiles wireless devices and maintains a database of known/authorized wireless device profiles. Wireless devices are analyzed to determine the threat level they pose to the network, and if the threat level exceeds a predetermined threshold, the invention refuses to bridge the network traffic from the wireless devices to the wired network. The present invention provides reporting of the wireless network activity, the known and unknown wireless devices, and the threat levels posed by the wireless devices. If an unknown wireless device is determined to be, or may be, a wireless access point, an alert is generated, such as notifying a system administrator to take appropriate action.
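The decision flow the abstract describes (profile, compare against authorized profiles, score, bridge or refuse, alert on a possible access point), as an added Python sketch that is not taken from the patent. The profile fields (MAC, AP flag, SSID), frame kinds, threat weights and threshold value are assumptions, since the text here does not define them.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed passive observations: (source MAC, frame kind, SSID or None).
FRAMES = [
    ("02:00:00:00:00:01", "data", None),
    ("02:00:00:00:00:02", "beacon", "corp-wifi"),
    ("02:00:00:00:00:03", "beacon", "corp-wifi"),  # same SSID, unknown radio
    ("02:00:00:00:00:04", "probe_req", None),
]
# Database of known/authorized device profiles (contents assumed).
AUTHORIZED = {
    "02:00:00:00:00:01": {"is_ap": False, "ssid": None},
    "02:00:00:00:00:02": {"is_ap": True, "ssid": "corp-wifi"},
}
THREAT_THRESHOLD = 50  # predetermined threshold; value assumed

@dataclass
class Profile:
    mac: str
    is_ap: bool = False
    ssid: Optional[str] = None

def build_profiles(frames):
    """Create one profile per transmitter from passively observed frames."""
    profiles = {}
    for mac, kind, ssid in frames:
        p = profiles.setdefault(mac, Profile(mac))
        if kind in ("beacon", "probe_resp"):  # typically sent by access points
            p.is_ap, p.ssid = True, ssid
    return profiles

def assess(p, authorized=AUTHORIZED):
    """Compare a profile to the authorized set; score, bridge decision, alert."""
    known = authorized.get(p.mac)
    match = known is not None and (known["is_ap"], known["ssid"]) == (p.is_ap, p.ssid)
    threat = 0 if match else 60           # unknown device or profile mismatch
    rogue_ap = p.is_ap and not match      # is, or may be, an unauthorized AP
    if rogue_ap:
        threat += 30
    return {"threat": threat, "bridge": threat <= THREAT_THRESHOLD, "alert": rogue_ap}

def run(frames=FRAMES):
    return {mac: assess(p) for mac, p in build_profiles(frames).items()}

if __name__ == "__main__":
    for mac, verdict in run().items():
        print(mac, verdict)
```

Because a MAC address can be spoofed, the comparison covers the whole profile: an authorized client address that starts beaconing no longer matches its stored profile and is treated as a possible access point.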
66 Claims
-
1. A system for detecting and managing intrusion to a computer network from an unknown wireless device, the system comprising:
a security component residing on the computer network that;
passively monitors for network traffic received from an unknown wireless device;
creates a device profile of the unknown wireless device;
determines whether the unknown wireless device is an authorized device; and
if the unknown wireless device is determined to be an authorized device, permits the network traffic from the unknown wireless device to pass to the computer network.
Dependent claims: 2-17
-
18. A computer-implemented method for detecting intrusions to a computer network, comprising:
passively monitoring for network traffic received from an unknown wireless device, and upon detecting network traffic from the unknown wireless device;
creating a device profile of the unknown wireless device;
determining whether the unknown wireless device is an authorized device; and
if the unknown wireless device is determined to be an authorized device, permitting the network traffic from the unknown wireless device to pass to the computer network.
Dependent claims: 19-33
-
34. A computer-readable medium having computer-executable instructions which, when executed, carry out the method for monitoring for detecting intrusions to a computer network, comprising:
passively monitoring for network traffic received an unknown wireless device, and upon detecting network traffic from the unknown wireless device;
creating a device profile of the unknown wireless device;
determining whether the unknown wireless device is an authorized device; and
if the unknown wireless device is determined to be an authorized device, permitting the network traffic from the unknown wireless device to pass to the computer network.
Dependent claims: 35-41
-
42. A system for detecting unauthorized wireless access points on a computer network, the system comprising:
a security component residing on the computer network that;
passively monitors for network traffic from an unknown wireless device;
creates a device profile of the unknown wireless device;
determines whether the unknown wireless device is, or may be, a wireless access point according to the device profile;
if the unknown wireless device is, or may be, a wireless access point, compares the device profile of the unknown wireless device against device profiles of authorized wireless access points to determine whether the unknown wireless device is an authorized wireless access point; and
if the unknown wireless device is not determined to be an authorized wireless access point, generates an alert that the unknown wireless device is or may be an unauthorized wireless access point.
Dependent claims: 43-53
-
54. A computer implemented method for detecting unauthorized wireless access points on a computer network, the method comprising:
passively monitoring for network traffic from an unknown wireless device; and
upon detecting network traffic from the unknown wireless device;
creating a device profile of the unknown wireless device;
determining whether the unknown wireless device is or may be a wireless access point according to the device profile; and
if the unknown wireless device is or may be a wireless access point;
comparing the device profile of the unknown wireless device against device profiles of authorized wireless access points to determine whether the unknown wireless device is an authorized wireless access point; and
generates an alert that the unknown wireless device is, or may be, an unauthorized wireless access point if the unknown wireless device is not determined to be an authorized wireless access point.
Dependent claims: 55-65
-
66. A computer-readable medium having computer-readable instructions which, when executed, carry out a method for monitoring for and detecting unauthorized wireless access points, the method comprising:
passively monitoring for network traffic from an unknown wireless device; and
upon detecting network traffic from an unknown wireless device;
creating a device profile of the unknown wireless device;
determining whether the unknown wireless device is or may be a wireless access point according to the device profile; and
comparing the device profile of the unknown wireless device against device profiles of authorized wireless access points to determine whether the unknown wireless device is an authorized wireless access point; and
notifying a system administrator that the unknown wireless device is or may be an unauthorized wireless access point if the unknown wireless device is not determined to be an authorized wireless access point.
Specification