Active defense against wireless intruders
Abstract
A wireless network security system including a system data store capable of storing network default and configuration data, a wireless transmitter and a system processor. The system processor performs a network security method. An active defense request signal is received, typically from an intrusion detection system. The received request signal includes an indicator of an access point within the wireless computer network that is potentially compromised. In response to the received request signal, an active defense of the wireless network is triggered. The triggered active defense may be one or more of transmitting a jamming signal, transmitting a signal to introduce CRC errors, transmitting a signal to increase the difficulty associated with breaking the network encryption (typically by including in the signal packets appearing legitimate but containing randomized payloads), or transmitting a channel change request to the potentially compromised access point.
36 Claims
1. A network security system the system comprising:
a system data store capable of storing network default and configuration data;
a network interface configured to communicate with a plurality of wireless devices operating on a wireless network;
a system processor comprising one or more processing elements, wherein the system processor is in communication with the system data store and the wireless transmitter and wherein the system processor is programmed or adapted to perform the steps comprising of;
receiving an active defense request signal, wherein the active defense request signal comprises a notification corresponding to a potentially compromised access point in the wireless computer network and is triggered responsive to detection of unauthorized wireless activity in an airspace; and
responsive to receipt of the active defense request signal, selecting one or more active defense routines, the selection of the one or more active defense routines being based upon the active defense request signal;
causing the selected one or more active defense routines to be executed, wherein the selected one or more active defense routines can be executed by the plurality of wireless devices, by the system processor, or by combinations thereof;
wherein the selected one or more active defense routines are designed to selectively inhibit the detected unauthorized wireless activity from transmitting on the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A method of providing a wireless intrusion prevention system for a wireless network, the method comprising the steps of:
receiving an active defense request signal from an intrusion detection system, wherein the received request signal comprises an indicator corresponding to a wireless device that is potentially compromised by an intruder;
requesting configuration data associated with the wireless device from the wireless device or the intrusion detection system;
receiving the configuration data associated with the wireless device;
storing identification information associated with the wireless device based on the received configuration data; and
executing an active defense routine responsive receiving an active defense request signal from the intrusion detection system, the active defense routine is configured to selectively inhibit unauthorized wireless activity associated with the intruder.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25

26. Computer readable storage media storing instructions that upon execution by a system processor causes the system processor to perform steps comprising:
receiving an active defense request signal from an intrusion detection system, wherein the received request signal comprises an indicator corresponding to a wireless device that is potentially compromised by an intruder;
requesting configuration data associated with the wireless device from the wireless device or the intrusion detection system;
receiving the configuration data associated with the wireless device;
storing identification information associated with the wireless device based on the received configuration data; and
executing an active defense routine responsive receiving an active defense request signal from the intrusion detection system, wherein the active defense routine is configured to selectively inhibit unauthorized wireless activity associated with the intruder.

27. A method for actively defending a wireless network against intrusion, comprising:
receiving a plurality of wireless frames transmitted in a wireless airspace located proximate to a wireless or wired network to be protected;
performing a plurality of tests on the plurality of wireless frames;
detecting an intrusion to the wireless network based upon patterns, statistics, content, or policy violations identified by the plurality of tests performed on the plurality of wireless frames;
storing any of the plurality of wireless frames associated with the intrusion;
independently initiating and executing one or more active defense mechanisms responsive to the detection of an intrusion, wherein the one or more active defense mechanisms are designed to selectively obstruct unauthorized wireless activity associated with the intrusion.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36

Specification