System and method for remotely monitoring wireless networks
Abstract
A system for monitoring a wireless network is provided. The system includes a security network including a plurality of monitoring devices coupled to a centralized security manager. The security network is operable to manage access to a data network associated with a plurality of authorized devices. Each monitoring device is operable to receive packets communicated from one or more wireless device and communicate one or more of the packets to the centralized security manager. Each packet is associated with a communication session. The centralized security manager is operable to receive and analyze the one or more packets communicated from each monitoring device. The centralized security manager is further operable to determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with a particular wireless device, and to communicate an alert if the particular communication session is not valid.
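The pipeline in the abstract, together with the access point / client classification recited in the claims, sketched as an added example (not code from the patent). Assumptions: session-establishment packets are modelled as IEEE 802.11 management frames, devices are identified by MAC address, and the countermeasure is a deny list; all names here are hypothetical.

```python
from dataclasses import dataclass, field

# Assumption: session-establishment packets are modelled as IEEE 802.11
# management frames of these subtypes; the page names no frame types.
SETUP_SUBTYPES = {"auth", "assoc_req", "assoc_resp", "reassoc_req"}


@dataclass(frozen=True)
class Frame:
    sensor: str   # monitoring device that captured the frame
    subtype: str  # decoded frame subtype
    src: str      # transmitter MAC address
    bssid: str    # BSSID carried in the frame


def sensor_select(frames):
    """Monitoring device: forward only session-establishment frames."""
    return [f for f in frames if f.subtype in SETUP_SUBTYPES]


def device_role(frame):
    """Transmitter equal to the BSSID means the sender is an access point."""
    return "ap" if frame.src.lower() == frame.bssid.lower() else "client"


@dataclass
class SecurityManager:
    authorized_aps: set
    authorized_clients: set
    alerts: dict = field(default_factory=dict)  # (mac, role) -> sensors that saw it
    denied: set = field(default_factory=set)    # assumed deny list for every AP

    def analyze(self, frame):
        """Return True if the session is valid, else record an alert and block."""
        role, mac = device_role(frame), frame.src.lower()
        allowed = self.authorized_aps if role == "ap" else self.authorized_clients
        if mac in allowed:
            return True
        # Several sensors may hear the same device: keep one alert per device.
        self.alerts.setdefault((mac, role), set()).add(frame.sensor)
        self.denied.add(mac)
        return False


# Constructed sample capture (locally administered MAC addresses).
AP_OK, AP_ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:99"
CL_OK, CL_BAD = "02:00:00:00:01:0a", "02:00:00:00:01:ff"
CAPTURE = [
    Frame("sensor-1", "data", CL_OK, AP_OK),              # not session setup: dropped
    Frame("sensor-1", "assoc_req", CL_OK, AP_OK),         # authorized client
    Frame("sensor-1", "assoc_resp", AP_OK, AP_OK),        # authorized AP
    Frame("sensor-1", "auth", CL_BAD, AP_OK),             # unknown client
    Frame("sensor-2", "auth", CL_BAD, AP_OK),             # same client, second sensor
    Frame("sensor-2", "assoc_resp", AP_ROGUE, AP_ROGUE),  # unknown AP
]


def run_demo():
    mgr = SecurityManager(authorized_aps={AP_OK}, authorized_clients={CL_OK})
    verdicts = [mgr.analyze(f) for f in sensor_select(CAPTURE)]
    return mgr, verdicts


if __name__ == "__main__":
    mgr, verdicts = run_demo()
    for (mac, role), sensors in sorted(mgr.alerts.items()):
        print(f"ALERT unauthorized {role} {mac} seen by {sorted(sensors)}")
```

A MAC address is chosen by the sender, so an allow-list match confirms a claimed address rather than a device identity.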
45 Claims
1. A system for monitoring a wireless network, comprising:
a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
wherein each monitoring device comprises;
a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;
a packet filtering module operable to;
filter the received packets to identify any packets associated with the establishment of a communication session; and
select one or more packets identified as being associated with the establishment of a communication session for communication to the centralized security manager; and
a packet routing module operable to communicate one or more of the selected packets to the centralized security manager; and
wherein the centralized security manager comprises;
a packet collection module operable to receive the one or more selected packets communicated from each monitoring device;
a packet analysis module operable to;
analyze the one or more packets; and
determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with a particular wireless device; and
an alert module operable to communicate an alert if the particular communication session is not valid;
wherein the plurality of authorized devices includes a plurality of authorized wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network; and
the centralized security manager further comprises a countermeasure module operable to prevent the wireless device access to the data network via each of the plurality of wireless access points if the wireless device is not one of the plurality of authorized devices.

5. A system for monitoring a wireless network, comprising:
a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
wherein each monitoring device comprises;
a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;
a packet filtering module operable to;
filter the received packets to identify any packets associated with the establishment of a communication session; and
select one or more packets identified as being associated with the establishment of a communication session for communication to the centralized security manager; and
a packet routing module operable to communicate one or more of the selected packets to the centralized security manager; and
wherein the centralized security manager comprises;
a packet collection module operable to receive the one or more selected packets communicated from each monitoring device;
a packet analysis module operable to;
analyze the one or more packets; and
determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with a particular wireless device; and
an alert module operable to communicate an alert if the particular communication session is not valid
wherein;
the plurality of authorized devices includes a plurality of wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network;
the packet analysis module of the centralized security manager is further operable to determine whether the particular wireless device is a wireless access point or a wireless client based on the analysis of the at least one particular packet; and
the packet analysis module of the centralized security manager is operable to determine whether the particular wireless device is one of the plurality of authorized devices by;
determining whether the wireless access point is one of the plurality of authorized wireless access points if the particular wireless device is a wireless access point; and
determining whether the wireless client is one of the plurality of authorized wireless clients if the particular wireless device is a wireless client.

14. A method of monitoring a wireless network, comprising:
receiving one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to monitor at least a portion of a network associated with a plurality of authorized devices;
wherein the one or more packets are associated with a communication session;
filtering the one or more received packets to identify any packets associated with the establishment of a communication session;
selecting at least one particular packet associated with the establishment of a communication session for communication to the centralized security manager;
communicating at least one particular packet of the one or more packets to a centralized manager coupled to each of the plurality of monitoring devices;
analyzing the at least one particular packet;
determining whether the communication session is valid based on the analysis of the at least one particular packet;
communicating an alert if the communication session is not valid;
directing the wireless device to a honey pot if the communication session is not valid.

18. A method of monitoring a wireless network, comprising:
receiving one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to monitor at least a portion of a network associated with a plurality of authorized devices;
wherein the one or more packets are associated with a communication session;
filtering the one or more received packets to identify any packets associated with the establishment of a communication session;
selecting at least one particular packet associated with the establishment of a communication session for communication to the centralized security manager;
communicating at least one particular packet of the one or more packets to a centralized manager coupled to each of the plurality of monitoring devices;
analyzing the at least one particular packet;
determining whether the communication session is valid based on the analysis of the at least one particular packet; and
communicating an alert if the communication session is not valid,
wherein the plurality of authorized devices includes a plurality of wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network; and
wherein the method further comprises;
determining whether the wireless device is a wireless access point or a wireless client based on the analysis of the at least one data packet; and
wherein determining whether the communication session is valid comprises;
if the wireless device is a wireless access point, determining whether the wireless access point is one of the plurality of authorized wireless access points; and
if the wireless device is a wireless client, determining whether the wireless client is one of the plurality of authorized wireless clients.

27. A system for monitoring a wireless network, comprising:
a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
wherein each monitoring device comprises;
a packet sniffing module operable to receive packets communicated from one or more wireless device;
a packet filtering module operable to;
filter the received packets to identify any packets associated with the establishment of a communication session; and
select one or more of the identified packets associated with the establishment of a communication session for communication to the centralized security manager; and
a packet routing module operable to communicate one or more of the selected packets to the centralized security manager; and
wherein the centralized security manager comprises
a packet collection module operable to receive the one or more selected packets communicated from each monitoring device;
a packet analysis module operable to;
analyze the one or more packets; and
determine based on the analysis of at least one particular packet associated with a particular wireless device whether the particular wireless device is one of the plurality of authorized devices; and
an alert module operable to communicate an alert if the particular wireless device is not one of the plurality of authorized devices;
wherein the plurality of authorized devices includes a plurality of wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network;
the packet analysis module of the centralized security manager is further operable to determine whether the particular wireless device is a wireless access point or a wireless client based on the analysis of the at least one particular packet; and
the packet analysis module of the centralized security manager is operable to determine whether the particular wireless device is one of the plurality of authorized devices by;
determining whether the wireless access point is one of the plurality of authorized wireless access points if the particular wireless device is a wireless access point; and
determining whether the wireless client is one of the plurality of authorized wireless clients if the particular wireless device is a wireless client.

28. A method of monitoring a wireless network, comprising:
receiving one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to monitor at least a portion of a network comprising a plurality of authorized wireless access points and a plurality of authorized wireless clients;
filtering the one or more received packets to identify any packets associated with the establishment of a communication session;
selecting one or more of the identified packets associated with the establishment of a communication session for communication to the centralized manager;
communicating at least one particular packet of the one or more selected packets to a centralized manager coupled to each of the plurality of monitoring devices;
analyzing the at least one particular packet;
determining whether the wireless device is one of the plurality of authorized devices based on the analysis of the at least one particular packet;
communicating an alert if the wireless device is not one of the plurality of authorized devices
determining whether the wireless device is a wireless access point or a wireless client based on the analysis of the at least one data packet; and
wherein determining whether the wireless device is one of the plurality of authorized devices comprises;
if the wireless device is a wireless access point, determining whether the wireless access point is one of the plurality of authorized wireless access points; and
if the wireless device is a wireless client, determining whether the wireless client is one of the plurality of authorized wireless clients.

29. A system for monitoring a wireless network, comprising:
a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
wherein each monitoring device comprises;
a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;
a packet filtering module operable to select one or more of the received packets to be analyzed;
a packet routing module operable to;
determine whether the selected packets are to be analyzed locally or by the centralized security manager based on whether a wireless connection is available between the monitoring device and the centralized security manager; and
communicate the selected packets to the centralized security manager if it is determined that the wireless connection is available;
a packet analysis module operable to;
analyze the selected packets if it is determined that the selected packets are to be analyzed locally; and
determine whether the communication session is valid based on the analysis of the selected packets;
a local alert module operable to;
store a record regarding the communication session if it is determined by the monitoring device that the communication session is valid; and
communicate the record regarding the communication session to the centralized security manager; and
wherein the centralized security manager is further operable to update a central session database based on the record regarding the communication session; and
wherein the centralized security manager comprises;
a packet collection module operable to receive the selected packets from the monitoring device if it is determined that the selected packets are to be analyzed by the centralized security manager; and
a packet analysis module operable to;
analyze the received selected packets; and
determine whether the communication session is valid based on the analysis of the received selected packets.

32. A method of monitoring a wireless network, comprising:
receiving packets communicated from a wireless device at one of a plurality of monitoring devices, the one or more packets being associated with a communication session;
selecting one or more of the received packets to be analyzed;
determining whether the selected packets are to be analyzed by the monitoring device or by a centralized manager coupled to each of the plurality of monitoring devices based on whether a wireless connection is available between the monitoring device and the centralized manager;
if it is determined that the selected packets are to be analyzed by the monitoring device;
analyzing the selected packets by the monitoring device; and
determining whether the communication session is valid based on the analysis of the selected packets; and
if it is determined that the selected packets are to be analyzed by the centralized security manager;
communicating the selected packets to the centralized security manager;
analyzing the selected packets by the centralized security manager; and
determining whether the communication session is valid based on the analysis of the received selected packets; and
storing a record regarding the communication session if it is determined by the monitoring device that the communication session is valid;
communicating the record regarding the communication session to the centralized security manager; and
updating a session database associated with the centralized security manager based on the record regarding the communication session.

35. Software for monitoring a wireless network, the software being embodied in computer-readable media and when executed operable to:
receive one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to monitor at least a portion of a network associated with a plurality of authorized devices;
wherein the one or more packets are associated with a communication session;
filtering the one or more received packets to identify any packets associated with the establishment of a communication session;
selecting at least one particular packet associated with the establishment of a communication session for communication to the centralized security manager;
communicate at least one particular packet of the one or more selected packets to a centralized manager coupled to each of the plurality of monitoring devices;
analyze the at least one particular packet;
determine whether the communication session is valid based on the analysis of the at least one particular packet; and
generate an alert if the communication session is not valid,
wherein the plurality of authorized devices includes a plurality of authorized wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network, and
wherein the software, when executed, is further operable to prevent the wireless device access to the network via each of the plurality of wireless access points if the communication session is not valid.

36. A system for monitoring a wireless network, comprising:
a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
wherein each monitoring device comprises;
a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;
a packet filtering module operable to identify one or more packets associated with the establishment of a communication session;
a packet analysis module operable to;
analyze the one or more packets associated with the establishment of a communication session; and
determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with the establishment of a communication session;
an alert module operable to communicate an alert if the particular communication session is not valid; and
a countermeasure module operable to update a session database based on the determination of whether the particular communication session is valid.

41. A method for monitoring a wireless network, comprising:
receiving one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to manage access to a data network associated with a plurality of authorized devices;
filtering the one or more received packets, at the monitoring device, to identify any packets associated with the establishment of a communication session;
analyzing at least one particular packet identified as being associated with the establishment of a communication session;
determining whether the communication session is valid based on the analysis of the at least one particular packet associated with the establishment of a communication session;
communicating an alert if the communication session is not valid and; and
determining whether the particular communication session is a new session or an existing session based on the analysis of the at least one particular packet.

44. A system for monitoring a wireless network, comprising:
a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
wherein each monitoring device comprises;
a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;
a packet filtering module operable to identify one or more packets associated with the establishment of a communication session;
a packet analysis module operable to;
analyze the one or more packets associated with the establishment of a communication session; and
determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with the establishment of a communication session;
an alert module operable to communicate an alert if the particular communication session is not valid,
wherein the plurality of authorized devices includes a plurality of wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network;
the packet analysis module is further operable to;
determine whether the particular wireless device is a wireless access point or a wireless client based on the analysis of the at least one particular packet; and
determine whether the particular wireless device is one of the plurality of authorized devices by;
determining whether the wireless access point is one of the plurality of authorized wireless access points if the particular wireless device is a wireless access point; and
determining whether the wireless client is one of the plurality of authorized wireless clients if the particular wireless device is a wireless client.

45. A method for monitoring a wireless network, comprising:
receiving one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to manage access to a data network associated with a plurality of authorized devices;
filtering the one or more received packets, at the monitoring device, to identify any packets associated with the establishment of a communication session;
analyzing at least one particular packet identified as being associated with the establishment of a communication session;
determining whether the communication session is valid based on the analysis of the at least one particular packet associated with the establishment of a communication session; and
communicating an alert if the communication session is not valid,
wherein the plurality of authorized devices includes a plurality of authorized wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network,
the method further comprising preventing the wireless device access to the data network via each of the plurality of wireless access points if the wireless device is not one of the plurality of authorized devices.