Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices
First Claim
1. A method for monitoring at least a part of an airspace associated with a network of computing devices, the method comprising:
providing a network to be protected, the network being associated with at least a part of an airspace;
using a security policy associated with the network, the security policy at least characterizing a first type of wireless activity in at least the part of the airspace to be permitted, a second type of wireless activity in at least the part of the airspace to be denied, and a third type of wireless activity in at least the part of the airspace to be ignored;
providing one or more sniffer devices, the one or more sniffer devices being spatially disposed to cause at least the part of the airspace to be secured based on at least information associated with the security policy;
determining if the one or more sniffer devices substantially cover at least the part of the airspace to be secured;
monitoring at least a wireless activity in at least the part of the airspace using the one or more sniffer devices, the wireless activity being associated with at least a wireless device other than the one or more sniffer devices;
performing a connectivity test to determine information associated with a connectivity status of the wireless device to the network to be protected, the connectivity test including transferring one or more marker packets at least from wired side of the network to be protected or at least through wireless side of the wireless device; and
determining whether the monitored wireless activity is permitted, denied, or ignored based on at least the information associated with the security policy, wherein determining whether the monitored wireless activity is denied or ignored is further based on at least the information associated with the connectivity status of the wireless device to the network to be protected.
Abstract
A method for monitoring a selected region of an airspace associated with local area networks of computing devices is provided. The method includes providing one or more segments of a legacy local area network to be protected in a selected geographic region. The legacy local area network is characterized by an unsecured airspace within the selected geographic region. The method includes determining a security policy associated with the one or more segments of the legacy local area network. The security policy at least characterizes a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored. Additionally, the method includes connecting one or more sniffer devices into the legacy local area network. The one or more sniffer devices are spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy.
33 Claims
12. A method for monitoring at least a part of an airspace associated with a network of computing devices, the method comprising:
providing a network to be protected, the network being associated with at least a part of an airspace within a vicinity of a selected geographic region;
using a security policy associated with the network, the security policy at least characterizing a first type of wireless activity in at least the part of the airspace to be permitted, a second type of wireless activity in at least the part of the airspace to be denied, and a third type of wireless activity in at least the part of the airspace to be ignored;
providing one or more sniffer devices, the one or more sniffer devices being spatially disposed to cause at least the part of the airspace to be secured based on at least information associated with the security policy;
using a computer model of the selected geographic region;
inputting information associated with the one or more sniffer devices to the computer model of the selected geographic region, the information including at least location information associated with the one or more sniffer devices;
using a radio signal propagation model;
computing information associated with a radio coverage for the one or more sniffer devices based on at least information associated with the computer model of the selected geographic region, the inputted information, and information associated with the radio signal propagation model;
displaying one or more regions associated with the computed radio coverage in relation to a layout of the selected geographic region on a display device to determine whether the one or more sniffer devices substantially cover at least the part of the airspace to be secured;
monitoring at least a wireless activity in at least the part of the airspace using the one or more sniffer devices; and
determining whether the monitored wireless activity is permitted, denied, or ignored based on at least information associated with the security policy, the security policy at least characterizing the first type of wireless activity to be permitted, the second type of wireless activity to be denied, and the third type of wireless activity to be ignored.
13. A method for preventing undesirable wireless communication in local area network of computing devices, the method comprising:
providing a network to be protected;
using a wireless security policy associated with the network to be protected, the wireless security policy at least characterizing a first type of wireless activity associated with a rogue access point device as denied, a second type of wireless activity between an authorized client wireless station and an external access point device as denied, and a third type of wireless activity between a neighbor's client wireless station and an external access point device as ignored;
detecting at least a wireless activity using one or more sniffer devices, the wireless activity being associated with a first access point device;
performing a connectivity test to determine information associated with a connectivity status of the first access point device to the network to be protected, the connectivity test including transferring one or more marker packets at least through wireless side of the first access point device or at least from wired side of the network to be protected;
classifying the first access point device as one of at least the rogue access point device and the external access point device based on at least the information associated with the connectivity status;
determining whether the detected wireless activity is denied or ignored based on at least the wireless security policy and the classifying the first access point device; and
initiating a prevention process in response to the detected wireless activity being determined as denied, the prevention process being directed to create hindrance to the detected wireless activity.
23. A system for preventing undesirable wireless communication in local area network of computing devices, the system comprising:
one or more radio interfaces;
one or more processor units; and
one or more computer readable media storing instructions which are executable by the one or more processor units to execute steps of;
detecting at least a wireless activity using at least one of the one or more radio interfaces, the wireless activity being associated with a first access point device;
performing a connectivity test to determine information associated with a connectivity status of the first access point device to a network to be protected, the connectivity test including transferring one or more marker packets at least through wireless side of the first access point device or at least from wired side of the network to be protected;
classifying the first access point device as one of at least a rogue access point device and an external access point device based on at least the information associated with the connectivity status;
determining whether the detected wireless activity is denied or ignored based on at least a wireless security policy and the classifying the first access point device, the wireless security policy at least characterizing a first type of wireless activity associated with a rogue access point device as denied, a second type of wireless activity between an authorized client wireless station and an external access point device as denied, and a third type of wireless activity between a neighbor's client wireless station and an external access point device as ignored; and
initiating a prevention process in response to the detected wireless activity being determined as denied, the prevention process being directed to create hindrance to the detected wireless activity.
27. A method for monitoring wireless access in local area computer networks, the method comprising:
receiving security policy information, the security policy information at least identifying a first authorized access point and a first network segment of a local area computer network such that the first authorized access point is permitted to connect at least a portion of wireless traffic within an airspace associated with the local area computer network with the first network segment;
determining identity information of a second network segment of the local area computer network to which the first authorized access point actually connects at least a portion of wireless traffic within the airspace;
comparing the identity information of the second network segment with the identity information of the first network segment;
ascertaining that the second network segment is different from the first network segment; and
generating indication of violation of the security policy based upon the ascertaining.
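The decision logic recited in claims 13, 23 and 27, sketched as an added example that is not part of the patent text or of any product: an access point is classified from the connectivity-test result, then the policy maps the observed activity to permit, deny or ignore. All names, addresses and marker IDs are constructed, and treating the claim 27 segment mismatch as "deny" is an assumption.

```python
from dataclasses import dataclass, field

# Constructed policy data (assumptions for illustration, not from the patent).
AUTHORIZED_APS = {"00:11:22:33:44:01": "vlan10"}   # BSSID -> segment it may bridge
AUTHORIZED_CLIENTS = {"aa:bb:cc:00:00:01"}
INJECTED = {"mk-1": "vlan10", "mk-2": "vlan20"}    # marker ID -> wired segment it was sent on


@dataclass
class Observation:
    bssid: str      # access point seen by a sniffer
    client: str     # station associated with that access point
    markers_seen: set = field(default_factory=set)  # marker IDs seen on the AP's wireless side


def connected_segment(obs, injected=INJECTED):
    """Connectivity test result: the wired segment whose marker reappeared
    on this AP's wireless side, or None if no injected marker was seen."""
    for marker in sorted(obs.markers_seen):
        if marker in injected:
            return injected[marker]
    return None


def classify_ap(obs, injected=INJECTED):
    segment = connected_segment(obs, injected)
    if obs.bssid in AUTHORIZED_APS:
        # Claim 27: an authorized AP bridging a segment other than the permitted one.
        if segment is not None and segment != AUTHORIZED_APS[obs.bssid]:
            return "authorized-wrong-segment"
        return "authorized"
    # Claims 13 and 23: unknown AP bridged to the protected network is rogue, else external.
    return "rogue" if segment is not None else "external"


def decide(obs, injected=INJECTED):
    """Return (ap_class, action), action being permit, deny or ignore."""
    ap_class = classify_ap(obs, injected)
    if ap_class == "authorized":
        return ap_class, "permit"
    if ap_class in ("rogue", "authorized-wrong-segment"):
        return ap_class, "deny"   # treating the claim 27 violation as deny is an assumption
    # External AP: deny only when one of our own clients uses it; ignore neighbors.
    action = "deny" if obs.client in AUTHORIZED_CLIENTS else "ignore"
    return ap_class, action
```

The same unknown BSSID yields "deny" or "ignore" depending only on whose client is associated with it, which is why the connectivity status has to be established before the policy is applied.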
Specification