ACTIVE ATTACK DETECTION SYSTEM
First Claim
1. A method of detecting security attacks on a wireless networked computer system, comprising:
- activating a remote sensor, the remote sensor having a wireless adapter, processor, storage and memory, the remote sensor configured and arranged to emulate a client workstation;
- connecting the remote sensor to a wireless computer network, the wireless computer network having an unknown security status;
- establishing a secure communications tunnel between the remote sensor and a server, the server configured and arranged to issue commands to the remote sensor and receive alert information from the remote sensor;
- detecting a security event with the remote sensor;
- with the server, determining a threat level the security event poses to a user of the wireless computer network; and
- issuing a threat assessment from the server to the user.
Abstract
A method and system of detecting security attacks on a wireless networked computer system includes a remote sensor having a wireless adapter, processor, storage and memory, the remote sensor configured and arranged to emulate a client workstation that is activated and instructed to connect to a wireless computer network having an unknown security status. A secure communications tunnel is established via wired or wireless means between the remote sensor and a server. The server is configured to issue commands to the remote sensor and receive alert information from the remote sensor which detects security events on the wireless computer network. The server determines the threat level the security event poses to a user of the wireless computer network and issues a threat assessment to the user.
20 Claims
10. A system of detecting security attacks on a wireless networked computer system, comprising:
- a remote sensor having a wireless adapter, processor, storage and memory, the remote sensor configured and arranged to emulate a client workstation connected to a wireless computer network through the wireless adapter;
- a server having a processor, storage, memory, and network adapter, the server configured and arranged to selectively connect to the remote sensor through a secure tunnel established between the network adapter and wireless adapter;
- the remote sensor further configured and arranged to report security threats to the server; and
- the server further configured and arranged to create a threat assessment of the security threats received from the remote sensor and report the threat assessment to a user.
15. The system of claim 15, wherein the log of alert summaries is in XML format.
Specification