Method and system for actively defending a wireless LAN against attacks
Abstract
A wireless network security system including a system data store capable of storing network default and configuration data, a wireless transmitter and a system processor. The system processor performs a network security method. An active defense request signal is received, typically from an intrusion detection system. The received request signal includes an indicator of an access point within the wireless computer network that is potentially compromised. In response to the received request signal, an active defense of the wireless network is triggered. The triggered active defense may be one or more of transmitting a jamming signal, transmitting a signal to introduce CRC errors, transmitting a signal to increase the difficulty associated with breaking the network encryption (typically by including in the signal packets appearing legitimate but containing randomized payloads), or transmitting a channel change request to the potentially compromised access point.
26 Claims
1. A network security system, the system comprising:
- a system data store configured to store risk criteria data, network default data, and network performance and usage data;
- a first communication interface comprising a receiver that receives inbound communications from a communication channel associated with the communication interface;
- a system processor comprising one or more processing elements, wherein the system processor is in communication with the system data store and wherein the system processor is programmed or adapted to perform the steps comprising:
- receiving data corresponding to a frame transmitted over a wireless computer network and the signal used to transmit the frame via the communication interface;
- detecting a violation by applying a plurality of intrusion detection tests that each compare the received data with data in the system data store or information derived therefrom;
- generating an alarm signal upon detecting a violation.

Dependent claims: 2 through 24.

25. A method for detecting wireless intruders, the wireless intruders having the potential to compromise a wired network, the method comprising:
- establishing risk criteria data, network default data and network performance and usage data based upon one or more of: a system administrator, a wireless network survey, or baseline wireless traffic levels;
- receiving data corresponding to a frame transmitted over a wireless computer network and the signal used to transmit the frame via the communication interface;
- detecting a policy violation by applying a plurality of intrusion detection tests, the intrusion detection tests being configured to compare the received data with one or more of the risk criteria data, the network default data, the network performance and usage data, or information derived therefrom; and
- generating an alarm signal upon detecting a violation, the alarm signal indicating that a potential intruder has been detected, the alarm signal being operable to alert an active defense system to defend the network against the potential intruder.

26. One or more computer readable media storing instructions configured to detect a wireless intruder, the instructions comprising:
- policy establishment instructions configured to establish a policy based upon risk criteria data, network default data, and network performance and usage data, wherein the risk criteria data, network default data, and network performance and usage data being based upon one or more of: input from a system administrator, a wireless network survey, or baseline wireless traffic levels;
- network interface logic configured to receive data corresponding to a frame transmitted over a wireless computer network and the signal used to transmit the frame via the communication interface;
- policy violation detection instructions configured to detect a policy violation by applying a plurality of intrusion detection tests, the intrusion detection tests being configured to compare the received data with one or more of the risk criteria data, the network default data, the network performance and usage data, or information derived therefrom; and
- alarm instructions configured to generate an alarm signal responsive to the policy violation detection instructions, the alarm signal indicating that a potential intruder has been detected, the alarm signal being operable to alert an active defense system to defend the network against the potential intruder.

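The detection flow recited in claims 25 and 26, sketched as an added Python example (not code from the patent or its assignee). The store layout, field names, the four tests and every sample value are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed stand-in for the claimed data store; every value is an assumption.
STORE = {
    "network_default": {"default_ssids": {"default", "linksys"}},
    "risk_criteria": {"authorized_aps": {
        "00:11:22:33:44:55": {"ssid": "corp-wlan", "channel": 6}}},
    # Baseline signal strength per AP: (mean dBm, standard deviation)
    "performance_usage": {"rssi_baseline": {"00:11:22:33:44:55": (-52.0, 4.0)}},
}

@dataclass(frozen=True)
class Frame:
    bssid: str
    ssid: str
    channel: int
    rssi_dbm: float  # property of the signal that carried the frame

def check_default_ssid(f, store):
    if f.ssid.lower() in store["network_default"]["default_ssids"]:
        return f"SSID {f.ssid!r} is a vendor default"

def check_unknown_ap(f, store):
    if f.bssid not in store["risk_criteria"]["authorized_aps"]:
        return "BSSID is not an authorized access point"

def check_config_drift(f, store):
    ap = store["risk_criteria"]["authorized_aps"].get(f.bssid)
    if ap and (f.ssid, f.channel) != (ap["ssid"], ap["channel"]):
        return "authorized BSSID seen with unexpected SSID or channel"

def check_signal_anomaly(f, store, k=3.0):
    base = store["performance_usage"]["rssi_baseline"].get(f.bssid)
    if base and abs(f.rssi_dbm - base[0]) > k * base[1]:
        return f"RSSI {f.rssi_dbm} dBm is over {k} sigma from baseline"

TESTS = (check_default_ssid, check_unknown_ap, check_config_drift, check_signal_anomaly)

def evaluate_frame(frame, store=STORE):
    """Apply every test to one frame; each finding becomes an alarm record."""
    return [{"bssid": frame.bssid, "test": t.__name__, "detail": d}
            for t in TESTS if (d := t(frame, store))]

if __name__ == "__main__":
    for fr in (Frame("00:11:22:33:44:55", "corp-wlan", 6, -50.0),   # matches policy
               Frame("00:11:22:33:44:55", "corp-wlan", 6, -85.0),   # same BSSID, odd signal
               Frame("de:ad:be:ef:00:01", "linksys", 11, -40.0)):   # unknown AP, default SSID
        print(fr.bssid, evaluate_frame(fr) or "no alarm")
```

The signal test is why the claims pair each frame with "the signal used to transmit the frame": a frame that copies an authorized BSSID, SSID and channel passes the first three tests and is caught only by the deviation from the stored baseline.
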
Specification