Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices

US 20050128989A1
Filed: 10/15/2004
Published: 06/16/2005
Est. Priority Date: 12/08/2003
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring a selected region of an airspace associated with local area networks of computing devices, the method comprising:

providing one or more segments of a legacy local area network to be protected in a selected geographic region, the legacy local area network being characterized by an unsecured airspace within the selected geographic region;

determining a security policy associated with the one or more segments of the legacy local area network, the security policy at least characterizing a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored;

connecting one or more sniffer devices into the legacy local area network, the one or more sniffer devices being spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy;

coupling a security appliance to the legacy local area network;

determining if at least one of the sniffer devices is coupled to each of the one or more segments of the legacy local area network to be protected;

determining if the one or more sniffer devices substantially covers the portion of the unsecured airspace to be secured;

monitoring wireless activity in the airspace using the one or more sniffer devices;

automatically classifying, using a classification process, a portion of information associated with the monitoring of the wireless activity to at least determine if the wireless activity communicates to at least one of the one or more segments to be protected;

detecting a violation of the security policy based upon at least the classifying of the portion of the information from the monitoring of the wireless activity; and

automatically processing an action associated with the violation in accordance to the security policy for the one or more segments in the legacy local area network to be protected.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for monitoring a selected region of an airspace associated with local area networks of computing devices is provided. The method includes providing one or more segments of a legacy local area network to be protected in a selected geographic region. The legacy local area network is characterized by an unsecured airspace within the selected geographic region. The method includes determining a security policy associated with the one or more segments of the legacy local area network. The security policy at least characterizes a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored. Additionally, the method includes connecting one or more sniffer devices into the legacy local area network. The one or more sniffer devices are spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy. Moreover, the method includes coupling a security appliance to the legacy local area network. The method also includes determining if at least one of the sniffer devices is coupled to each of the one or more segments of the legacy local area network to be protected and determining if the one or more sniffer devices substantially covers the portion of the unsecured airspace to be secured. The method additionally includes monitoring wireless activity in the airspace using the one or more sniffer devices, and automatically classifying, using a classification process, a portion of information associated with the monitoring of the wireless activity to at least determine if the wireless activity communicates to at least one of the one or more segments to be protected. Further, the method includes detecting a violation of the security policy based upon at least the classifying of the portion of the information from the monitoring of the wireless activity, and automatically processing an action associated with the violation in accordance to the security policy for the one or more segments in the legacy local area network to be protected.

Citations

52 Claims

1. A method for monitoring a selected region of an airspace associated with local area networks of computing devices, the method comprising:
- providing one or more segments of a legacy local area network to be protected in a selected geographic region, the legacy local area network being characterized by an unsecured airspace within the selected geographic region;
  
  determining a security policy associated with the one or more segments of the legacy local area network, the security policy at least characterizing a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored;
  
  connecting one or more sniffer devices into the legacy local area network, the one or more sniffer devices being spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy;
  
  coupling a security appliance to the legacy local area network;
  
  determining if at least one of the sniffer devices is coupled to each of the one or more segments of the legacy local area network to be protected;
  
  determining if the one or more sniffer devices substantially covers the portion of the unsecured airspace to be secured;
  
  monitoring wireless activity in the airspace using the one or more sniffer devices;
  
  automatically classifying, using a classification process, a portion of information associated with the monitoring of the wireless activity to at least determine if the wireless activity communicates to at least one of the one or more segments to be protected;
  
  detecting a violation of the security policy based upon at least the classifying of the portion of the information from the monitoring of the wireless activity; and
  
  automatically processing an action associated with the violation in accordance to the security policy for the one or more segments in the legacy local area network to be protected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 2. The method of claim 1 wherein the action is selected from raising an alert and/or logging an alert, the logging comprising a time and date stamp.
  - 3. The method of claim 1 wherein the action comprises a selective prevention process directed to selectively restricting one or more wireless devices associated with the violation of the security policy, the selective restriction comprising preventing an engagement in wireless communication of the one or more wireless devices with the legacy local area network.
  - 4. The method of claim 1 wherein the action comprises a selective prevention process directed to restricting one or more wireless devices associated with the violation of the security policy from engaging in wireless communication without detrimentally influencing any of the other wireless devices;
    - wherein the selective prevention process has been provided using at least the automatic classification process.
  - 5. The method of claim 1 wherein the legacy local area network is coupled to the Internet through a conventional firewall.
  - 6. The method of claim 1 wherein the legacy local area network is a trusted network.
  - 7. The method of claim 1 wherein the unsecured airspace comprises one or more unauthorized wireless signals transferred therein.
  - 8. The method of claim 1 wherein the unsecured airspace is susceptible to one or more intrusions into the legacy local area network using the unsecured airspace.
  - 9. The method of claim 1 wherein the unsecured airspace is susceptible to one or more denial of service attacks on the legacy local area network using the unsecured airspace.
  - 10. The method of claim 1 wherein the unsecured airspace is airspace in a vicinity of the connection point to the local area network.
  - 11. The method of claim 10 wherein the connection point is an Ethernet port.
  - 12. The method of claim 10 wherein the connection port is a wireless access point.
  - 13. The method of claim 1 wherein the legacy local area network comprises one or more computing devices having a wireless transmitter/receiver.
  - 14. The method of claim 1 wherein the security policy is one of a plurality of security policies.
  - 15. The method of claim 1 wherein the to be denied wireless activity is associated with an unauthorized wireless device.
  - 16. The method of claim 1 wherein the to be ignored wireless activity is associated with a friendly neighbor'"'"'s wireless device.
  - 17. The method of claim 1 wherein the to be ignored wireless activity is associated with a wireless device that is not connected to the segment of the legacy local area network to be protected.
  - 18. The method of claim 1 wherein the to be denied wireless activity is associated with an authorized wireless device that is not at a predetermined physical location.
  - 19. The method of claim 1 wherein the to be denied wireless activity is associated with an authorized wireless device that is not connected into a predetermined segment of the local area network.
  - 20. The method of claim 1 wherein the to be denied wireless activity is associated with an unauthorized wireless device connected into the one or more segments of the local area network to be protected.
  - 21. The method of claim 1 wherein the to be denied wireless activity is associated with a misconfigured authorized wireless device.
  - 22. The method of claim 1 wherein the to be denied wireless activity is associated with an unauthorized wireless device masquerading as an authorized wireless device.
  - 23. The method of claim 1 wherein the classification process determining if at least one wireless device involved in the wireless activity is directly connected to the local area network.
  - 24. The method of claim 1 wherein the classification process further comprising determining if at least one wireless device involved in the wireless activity is unauthorized.
  - 25. The method of claim 1 wherein the classification process includes transmitting one or more test signals in the airspace using at least one of the one or more sniffer devices.
  - 26. The method of claim 1 wherein the classification process includes transferring one or more test signals into the segment of the legacy local are network to be protected or monitored, using at least one of the one or more sniffer devices.
  - 27. The method of claim 1 wherein the classification process does not transmit test signals in the airspace.
  - 28. The method of claim 1 further comprising displaying an indication associated with the violation of the wireless security policy on a user interface of a display coupled to the security appliance.
  - 29. The method of claim 28 further comprising displaying a probability distribution of a physical location of a wireless device causing the violation in relation to a spatial layout of the selected geographic region.
  - 30. The method of claim 28 wherein the indication is associated with an intruder device.
  - 31. The method of claim 1 wherein the determining if the one or more sniffer devices covers is characterized by an ability of the one or more sniffers to prevent a selected portion of wireless activity within the portion of the unsecured airspace.
  - 32. The method of claim 1 wherein the determining if the one or more sniffer devices covers is characterized by an ability of the one or more sniffers to detect a selected portion of wireless activity within the portion of the unsecured airspace.
  - 33. The method of claim 1 wherein the determining if the one or more sniffer devices covers is characterized by a radio coverage of the one or more sniffer devices, the radio coverage is provided using a computer based model of a spatial layout of the selected geographic region.
  - 34. The method of claim 33 wherein the computer based model comprises information selected from at least one or more physical dimensions of one or more layout components, one or more material types of the layout components, and a spatial location of the one or more layout components.
  - 35. The method of claim 33 wherein the computer based model comprises a prediction process.
  - 36. The method of claim 33 further comprising displaying the layout of the selected geographic region on a user interface of a display.
  - 37. The method of claim 36 further comprising dragging and dropping one or more indications associated respectively with the one or more sniffer devices on a user interface of a display coupled to the security appliance.
  - 38. The method of claim 37 further comprising displaying one or more second indications associated with each of the one or more sniffer devices to visually illustrate a radio coverage region for each of the one or more sniffer devices in relation to the layout of the selected geographic region.
  - 39. The method of claim 1 further comprising displaying one or more indications associated with the sniffer coverage and determining if the one or more indications illustrates the substantial coverage in visual form of the portion of the unsecured airspace to be secured.
  - 40. The method of claim 1 further comprising predicting radio signal coverage associated with one or more authorized wireless devices in the legacy local area network;
    - wherein the predicting is based at least on information associated with a spatial layout of the selected geographic region and locations of the one or more authorized wireless devices in relation to the layout.
  - 41. The method of claim 40 further comprising displaying one or more indications associated with at least one of the authorized wireless devices in relation to the layout.
  - 42. The method of claim 40 wherein the location of at least one of the authorized wireless devices is determined based at least on observed receive signal strength from wireless activity originating from the wireless device at one or more of the sniffer devices.
  - 43. The method of claim 40 further comprising generating baseline data for at least one of the sniffer devices, the baseline data including information associated with predicted receive signal strength from the one or more authorized wireless devices, wherein the information is based on a location of the sniffer device in the selected geographic region.
  - 44. The method of claim 1 wherein the classification process comparing a portion of information associated with the monitoring of the wireless activity with baseline data associated with each of the sniffer devices.
  - 45. The method of claim 1 further comprising filtering traffic associated with the communication of the device causing the violation in a port in the legacy local area network.

46. A method for monitoring and displaying selected wireless activity in a selected geographic region, the method comprising:
- providing one or more segments of a legacy local area network to be protected in a selected geographic region, the legacy local area network being characterized by an unsecured airspace within the selected geographic region;
  
  displaying an illustration of the selected geographic region associated with the one or more segments of the legacy local area network on a computer display;
  
  determining a security policy associated with the one or more segments of the local area network in the selected geographic region, the security policy at least characterizing a type of wireless activity to be permitted, denied, or ignored;
  
  connecting one or more sniffer devices into the legacy local area network to be protected within the selected geographic region;
  
  coupling a security appliance to the legacy local area network;
  
  determining if at least one of the sniffer devices is coupled to each of the one or more segments of the legacy local area network to be protected;
  
  determining if the one or more sniffer devices substantially covers a portion of the unsecured airspace to be secured;
  
  monitoring wireless activity in the airspace associated with the legacy local area network using the one or more sniffer devices;
  
  automatically classifying a portion of information associated with the monitoring of the wireless activity in the airspace;
  
  detecting a violation of the security policy based upon at least the classifying of the portion of the information from the monitoring of the wireless activity in the airspace associated with the legacy local area network;
  
  automatically processing an action associated with the violation in accordance to the security policy for the one or more segments in the legacy local area network;
  
  displaying an indication associated with the violation in accordance to the security policy for the one or more segments in the legacy local area network;
  
  displaying a spatial location and associated coverage of one or more of the sniffer devices; and
  
  displaying a spatial location and associated coverage of at least one access point in the one or more segments of the legacy local area network.
- View Dependent Claims (47, 48, 49, 50)
- - 47. The method of claim 46 wherein the indication is an alert.
  - 48. The method of claim 47 wherein the alert comprises text portion.
  - 49. The method of claim 48 wherein the indication is a graphical display of wireless activity associated with the violation of the security policy.
  - 50. The method of claim 46 wherein the indication comprises a location of an intruder device in the selected geographic region.

51. A method for monitoring a selected region of an airspace having multiple wireless signal activities associated with local area network of computing devices comprising one or more network segments, the method comprising:
- providing one or more segments of a legacy local area network to be protected in a selected geographic region, the legacy local area network being characterized by an unsecured airspace within or in a vicinity of the selected geographic region;
  
  determining a security policy associated with the one or more segments of the legacy local area network to be protected, the security policy at least characterizing a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored;
  
  coupling one or more sniffer devices into the legacy local area network, the one or more sniffer devices being spatially disposed within or in a vicinity of the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy;
  
  coupling a security appliance to the legacy local area network;
  
  determining if at least one of the sniffer devices is coupled to each of the one or more segments of the legacy local area network to be protected;
  
  determining if the one or more sniffer devices substantially covers the portion of the unsecured airspace to be secured;
  
  monitoring a plurality of wireless activities in the airspace using the one or more sniffer devices;
  
  automatically classifying, using a classification process, a portion of information associated with the monitoring of the wireless activities to at least determine if the one or more of the wireless activities is coupled to at least one of the one or more segments to be protected;
  
  detecting a violation of the security policy based upon at least the classifying of the portion of the information from the monitoring of the wireless activities, the classifying selectively identifying the violation of the security policy from a plurality of events associated with the wireless activities; and
  
  automatically processing an action associated with the violation in accordance to the security policy for the one or more segments in the legacy local area network to be protected, the action comprising a selective prevention process to restrict the one or more wireless devices associated with the violation of the security policy from engaging in wireless communication with the legacy local area network without detrimentally influencing any of the other wireless devices.

52. A method for monitoring a selected region of an airspace associated with local area networks of computing devices, the method comprising:
- providing one or more segments of a legacy local area network to be protected in a selected geographic region, the legacy local area network being characterized by an unsecured airspace within the selected geographic region;
  
  determining a security policy associated with the one or more segments of the legacy local area network, the security policy at least characterizing a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored;
  
  connecting one or more sniffer devices into the legacy local area network, the one or more sniffer devices being spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy;
  
  coupling a security appliance to the legacy local area network;
  
  determining if the one or more sniffer devices substantially covers the portion of the unsecured airspace to be secured;
  
  monitoring wireless activity in the airspace using the one or more sniffer devices;
  
  automatically classifying, using a classification process, a portion of information associated with the monitoring of the wireless activity to at least determine if the wireless activity communicates to at least one of the one or more segments to be protected;
  
  detecting a violation of the security policy based upon at least the classifying of the portion of the information from the monitoring of the wireless activity; and
  
  automatically processing an action associated with the violation in accordance to the security policy for the one or more segments in the legacy local area network to be protected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arista Networks, Inc.
Original Assignee
Airtight Networks Incorporated (Arista Networks, Inc.)
Inventors
King, David C., Rawat, Jai, Chaskar, Hemant, Bhagwat, Pravin

Granted Patent

US 7,002,943 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/338
CPC Class Codes

H04K 2203/18   for wireless local area net...

H04K 3/65   using deceptive jamming or ...

H04K 3/86   related to preventing decep...

H04K 3/94   related to allowing or prev...

H04L 41/28   Restricting access to netwo...

H04L 61/103   across network layers, e.g....

H04L 61/2514   between local and global IP...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

H04W 12/069   using certificates or pre-s...

H04W 12/088   using filters or firewalls

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links