SYSTEM AND METHOD FOR WIRELESS LOCAL AREA NETWORK MONITORING AND INTRUSION DETECTION
Abstract
Systems and methods for providing improved network security against unauthorized wireless devices are presented. A security component within a wired portion of a computer network is provided. The security component is configured to control the bridging of network activity between the wireless portion and wired portion of the computer network. Using the security component, network traffic between the wireless and wired portions of the computer network for unknown wireless devices is passively monitored. Upon detecting network traffic between the wireless and wired portions of the computer network for an unknown wireless device, the security component determines at least one identifying characteristic of the unknown wireless device by actively probing the device for an identifying characteristic. The security component determines at least one behavioral characteristic of the device according to the network traffic between the device and devices in the wired portion of the computer network. A device profile for the unknown wireless device is generated according to the identifying and behavioral characteristics, access privileges corresponding to the unknown wireless device according to the device profile are determined, and network traffic from the unknown wireless device is permitted to pass to the computer network according to the determined access privileges.
2 Claims
1. A computer-implemented method for securing a computer network comprising a wired and wireless portion, the method comprising:
- providing a security component within a wired portion of the computer network, wherein the security component is configured to control the bridging of network activity between the wireless portion and wired portion of the computer network; and
- through the security component;
- passively monitoring for network traffic between the wireless and wired portions of the computer network for unknown wireless devices;
- detecting network traffic between the wireless and wired portions of the computer network for an unknown wireless device;
- determining at least one identifying characteristic of the unknown wireless device by actively probing the unknown wireless device for an identifying characteristic;
- determining at least one behavioral characteristic of the unknown wireless device according to the network traffic between the unknown wireless device and devices in the wired portion of the computer network;
- generating a device profile of the unknown wireless device according to the at least one identifying characteristic and the at least one behavioral characteristic of the unknown wireless device;
- determining a set of access privileges corresponding to the unknown wireless device according to the device profile; and
- bridging network traffic between the unknown wireless device and devices in the wired portion of the computer network consistent with the determined access privileges.
2. A computer system providing improved security from unauthorized access by unknown wireless devices, the system comprising:
- a wired computer network having a plurality of wired network devices;
- a wireless access point attached to the wired computer network for enabling wireless devices to communicate with the computer network; and
- a security component configured to control the bridging of network traffic between wireless network devices operating through the wireless access point and the wired network devices in the computer network;
- wherein the security component, in bridging network traffic between the wireless network devices operating through the wireless access point and the wired network devices in the computer network, is further configured to;
- passively monitoring for network traffic from an unknown wireless device through the wireless access point;
- upon detecting network traffic from the unknown wireless device;
- probe the unknown wireless device to determine at least one characteristic of the wireless device;
- generate a device profile of the unknown wireless device according to the at least one determined characteristic;
- determine access privileges to give to the unknown wireless device according to the determined profile and the activities exhibited by the wireless device; and
- control the bridging of the network traffic between the wired network devices in the computer network according to the determined access privileges.
Specification