Method and System for Monitoring a Selected Region of an Airspace Associated with Local Area Networks of computing Devices

US 20070025313A1
Filed: 09/18/2006
Published: 02/01/2007
Est. Priority Date: 12/08/2003
Status: Active Grant

First Claim

Patent Images

1-51. -51. (canceled)

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for monitoring a selected region of an airspace associated with local area networks of computing devices is provided. The method includes providing one or more segments of a legacy local area network to be protected in a selected geographic region. The legacy local area network is characterized by an unsecured airspace within the selected geographic region. The method includes determining a security policy associated with the one or more segments of the legacy local area network. The security policy at least characterizes a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored. Additionally, the method includes connecting one or more sniffer devices into the legacy local area network. The one or more sniffer devices are spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy. Moreover, the method includes coupling a security appliance to the legacy local area network. The method also includes determining if at least one of the sniffer devices is coupled to each of the one or more segments of the legacy local area network to be protected and determining if the one or more sniffer devices substantially covers the portion of the unsecured airspace to be secured The method additionally includes monitoring wireless activity in the airspace using the one or more sniffer devices, and automatically classifying, using a classification process, a portion of information associated with the monitoring of the wireless activity to at least determine if the wireless activity communicates to at least one of the one or more segments to be protected. Further, the method includes detecting a violation of the security policy based upon at least the classifying of the portion of the information from the monitoring of the wireless activity, and automatically processing an action associated with the violation in accordance to the security policy for the one or more segments in the legacy local area network to be protected

Citations

71 Claims

1-51. -51. (canceled)

52. A method for monitoring at least a part of an airspace associated with a network of computing devices, the method comprising:
- providing a network to be protected, the network being associated with at least a part of an airspace;
  
  using a security policy associated with the network, the security policy at least characterizing a first type of wireless activity in at least the part of the airspace to be permitted, a second type of wireless activity in at least the part of the airspace to be denied, and a third type of wireless activity in at least the part of the airspace to be ignored;
  
  providing one or more sniffer devices, the one or more sniffer devices being spatially disposed to cause at least the part of the airspace to be secured based on at least information associated with the security policy;
  
  determining if the one or more sniffer devices substantially cover at least the part of the airspace to be secured;
  
  monitoring at least a wireless activity in at least the part of the airspace using the one or more sniffer devices, the wireless activity being associated with at least a wireless device other than the one or more sniffer devices;
  
  performing a connectivity test to determine information associated with a connectivity status of the wireless device to the network to be protected; and
  
  determining whether the monitored wireless activity is permitted, denied, or ignored based on at least the information associated with the connectivity status of the wireless device to the network to be protected and information associated with the security policy.
- View Dependent Claims (53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 53. The method of claim 52, and further comprising determining whether the wireless device is authorized, rogue, or external.
  - 54. The method of claim 52 wherein the second type of wireless activity is associated with at least a wireless communication between an authorized wireless station and an external wireless device.
  - 55. The method of claim 52 wherein the third type of wireless activity is associated with at least a wireless communication between an unauthorized wireless station and an external wireless device.
  - 56. The method of claim 52 wherein the third type of wireless activity is associated with at least a wireless communication between a wireless station in another network and an external wireless device associated with the another network.
  - 57. The method of claim 52 wherein the second type of wireless activity and the third type of wireless activity are associated with at least an unauthorized wireless device.
  - 58. The method of claim 57 wherein the monitored wireless activity is associated with at least the unauthorized wireless device.
  - 59. The method of claim 58 wherein the determining whether the monitored wireless activity is permitted, denied, or ignored comprises:
    - if the unauthorized wireless device is determined to be not connected to the network to be protected, determining the monitored wireless activity as ignored.
  - 60. The method of claim 58 wherein the determining whether the monitored wireless activity is permitted, denied, or ignored further comprises:
    - if the unauthorized wireless device is determined to be connected to the network to be protected, determining the monitored wireless activity as denied.
  - 61. The method of claim 52, and further comprising:
    - if the monitored wireless activity is determined as denied, determining a violation of the security policy;
      
      processing an action in response to the violation.
  - 62. The method of claim 61 wherein the action comprises at least one selected from a group consisting of raising an alert and initiating a prevention process.

63. A method for monitoring at least a part of an airspace associated with a network of computing devices, the method comprising:
- providing a network to be protected, the network being associated with at least a part of an airspace within a vicinity of a selected geographic region;
  
  using a security policy associated with the network, the security policy at least characterizing a first type of wireless activity in at least the part of the airspace to be permitted, a second type of wireless activity in at least the part of the airspace to be denied, and a third type of wireless activity in at least the part of the airspace to be ignored;
  
  providing one or more sniffer devices, the one or more sniffer devices being spatially disposed to cause at least the part of the airspace to be secured based on at least information associated with the security policy;
  
  using a computer model of the selected geographic region;
  
  inputting information associated with the one or more sniffer devices to the computer model of the selected geographic region, the information including at least location information associated with the one or more sniffer devices;
  
  using a radio signal propagation model;
  
  computing information associated with a radio coverage for the one or more sniffer devices based on at least information associated with the computer model of the selected geographic region, the inputted information, and information associated with the radio signal propagation model;
  
  displaying one or more regions associated with the computed radio coverage in relation to a layout of the selected geographic region on a display device to determine whether the one or more sniffer devices substantially cover at least the part of the airspace to be secured;
  
  monitoring at least a wireless activity in at least the part of the airspace using the one or more sniffer devices; and
  
  determining whether the monitored wireless activity is permitted, denied, or ignored based on at least information associated with the security policy, the security policy at least characterizing the first type of wireless activity to be permitted, the second type of wireless activity to be denied, and the third type of wireless activity to be ignored.

64. A method for preventing undesirable wireless communication in local area network of computing devices, the method comprising:
- providing a network to be protected;
  
  using a wireless security policy associated with the network to be protected, the wireless security policy at least characterizing a first type of wireless activity associated with a rouge access point device as denied, a second type of wireless activity between an authorized wireless station and an external access point device as denied, and a third type of wireless activity between a neighbor'"'"'s wireless station and an external access point as ignored;
  
  detecting at least a wireless activity using one or more sniffer devices, the wireless activity being associated with a first access point device;
  
  performing a connectivity test to determine information associated with a connectivity status of the first access point device to the network to be protected;
  
  classifying the first access point device as one of at least the rogue access point device and the external access point device;
  
  determining whether the detected wireless activity is denied or ignored based on at least the wireless security policy and the classifying the first access point device; and
  
  initiating a prevention process in response to the detected wireless activity being determined as denied, the prevention process being directed to create hindrance to the detected wireless activity.
- View Dependent Claims (65, 66, 67, 68, 69, 70, 71)
- - 65. The method of claim 64, and further comprising providing a list of identities of authorized wireless stations.
  - 66. The method of claim 65, and further comprising determining a first wireless station to be a neighbor'"'"'s wireless station if the identity of the first wireless station is not on the list of the identities of authorized wireless stations.
  - 67. The method of claim 64 wherein the wireless security policy at least further characterizes a fourth type of wireless activity associated with an authorized access point device as denied, the authorized access point device being connected to a first network segment different from a predetermined network segment, the first network segment and the predetermined network segment being associated with the network to be protected.
  - 68. The method of claim 67 wherein the classifying the first access point device comprises classifying the first access point device as one of at least the rogue access point device, the external access point device, and the authorized access point device being connected to the first network segment based on at least the information associated with the connectivity status.
  - 69. The method of claim 64 wherein the prevention process includes an over-the-air prevention process.
  - 70. The method of claim 69 wherein the over-the-air prevention process includes at least one selected from a group consisting of a forced deauthentication process, a virtual jamming process, a selective virtual jamming process, an AP flooding process, and an ACK collision process.
  - 71. The method of claim 64 wherein each of the performing a connectivity test, the classifying the first access point device, the determining whether the detected wireless activity is denied or ignored, and the initiating a prevention process is performed automatically.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arista Networks, Inc.
Original Assignee
Airtight Networks Incorporated (Arista Networks, Inc.)
Inventors
Rawat, Jai, Chaskar, Hemant, King, David, Bhagwat, Pravin

Granted Patent

US 7,804,808 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/338
CPC Class Codes

H04K 2203/18   for wireless local area net...

H04K 3/65   using deceptive jamming or ...

H04K 3/86   related to preventing decep...

H04K 3/94   related to allowing or prev...

H04L 41/28   Restricting access to netwo...

H04L 61/103   across network layers, e.g....

H04L 61/2514   between local and global IP...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

H04W 12/069   using certificates or pre-s...

H04W 12/088   using filters or firewalls

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

Method and System for Monitoring a Selected Region of an Airspace Associated with Local Area Networks of computing Devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

71 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Monitoring a Selected Region of an Airspace Associated with Local Area Networks of computing Devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

71 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links