Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices

US 7,804,808 B2
Filed: 09/18/2006
Issued: 09/28/2010
Est. Priority Date: 12/08/2003
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring at least a part of an airspace associated with a network of computing devices, the method comprising:

providing a network to be protected, the network being associated with at least a part of an airspace;

using a security policy associated with the network, the security policy at least characterizing a first type of wireless activity in at least the part of the airspace to be permitted, a second type of wireless activity in at least the part of the airspace to be denied, and a third type of wireless activity in at least the part of the airspace to be ignored;

providing one or more sniffer devices, the one or more sniffer devices being spatially disposed to cause at least the part of the airspace to be secured based on at least information associated with the security policy;

determining if the one or more sniffer devices substantially cover at least the part of the airspace to be secured;

monitoring at least a wireless activity in at least the part of the airspace using the one or more sniffer devices, the wireless activity being associated with at least a wireless device other than the one or more sniffer devices;

performing a connectivity test to determine information associated with a connectivity status of the wireless device to the network to be protected, the connectivity test including transferring one or more marker packets at least from wired side of the network to be protected or at least through wireless side of the wireless device; and

determining whether the monitored wireless activity is permitted, denied, or ignored based on at least the information associated with the security policy,wherein determining whether the monitored wireless activity is denied or ignored is further based on at least the information associated with the connectivity status of the wireless device to the network to be protected.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for monitoring a selected region of an airspace associated with local area networks of computing devices is provided. The method includes providing one or more segments of a legacy local area network to be protected in a selected geographic region. The legacy local area network is characterized by an unsecured airspace within the selected geographic region. The method includes determining a security policy associated with the one or more segments of the legacy local area network. The security policy at least characterizes a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored. Additionally, the method includes connecting one or more sniffer devices into the legacy local area network. The one or more sniffer devices are spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy.

121 Citations

View as Search Results

33 Claims

1. A method for monitoring at least a part of an airspace associated with a network of computing devices, the method comprising:
- providing a network to be protected, the network being associated with at least a part of an airspace;
  
  using a security policy associated with the network, the security policy at least characterizing a first type of wireless activity in at least the part of the airspace to be permitted, a second type of wireless activity in at least the part of the airspace to be denied, and a third type of wireless activity in at least the part of the airspace to be ignored;
  
  providing one or more sniffer devices, the one or more sniffer devices being spatially disposed to cause at least the part of the airspace to be secured based on at least information associated with the security policy;
  
  determining if the one or more sniffer devices substantially cover at least the part of the airspace to be secured;
  
  monitoring at least a wireless activity in at least the part of the airspace using the one or more sniffer devices, the wireless activity being associated with at least a wireless device other than the one or more sniffer devices;
  
  performing a connectivity test to determine information associated with a connectivity status of the wireless device to the network to be protected, the connectivity test including transferring one or more marker packets at least from wired side of the network to be protected or at least through wireless side of the wireless device; and
  
  determining whether the monitored wireless activity is permitted, denied, or ignored based on at least the information associated with the security policy,wherein determining whether the monitored wireless activity is denied or ignored is further based on at least the information associated with the connectivity status of the wireless device to the network to be protected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, and further comprising determining whether the wireless device is authorized, rogue, or external.
  - 3. The method of claim 1 wherein the second type of wireless activity is associated with at least a wireless communication between an authorized client wireless station and an external wireless access point device.
  - 4. The method of claim 1 wherein the third type of wireless activity is associated with at least a wireless communication between an unauthorized client wireless station and an external wireless access point device.
  - 5. The method of claim 1 wherein the third type of wireless activity is associated with at least a wireless communication between a client wireless station in another network and an external wireless access point device associated with the another network.
  - 6. The method of claim 1 wherein the second type of wireless activity and the third type of wireless activity are associated with at least an unauthorized wireless access point device.
  - 7. The method of claim 6 wherein the monitored wireless activity is associated with at least the unauthorized wireless access point device.
  - 8. The method of claim 7 wherein the determining whether the monitored wireless activity is permitted, denied, or ignored comprises:
    - if the unauthorized wireless access point device is determined to be not connected to the network to be protected, determining the monitored wireless activity as ignored.
  - 9. The method of claim 7 wherein the determining whether the monitored wireless activity is permitted, denied, or ignored further comprises:
    - if the unauthorized wireless access point device is determined to be connected to the network to be protected, determining the monitored wireless activity as denied.
  - 10. The method of claim 1, and further comprising:
    - if the monitored wireless activity is determined as denied,determining a violation of the security policy;
      
      processing an action in response to the violation.
  - 11. The method of claim 10 wherein the action comprises at least one selected from a group consisting of raising an alert and initiating a prevention process.

12. A method for monitoring at least a part of an airspace associated with a network of computing devices, the method comprising:
- providing a network to be protected, the network being associated with at least a part of an airspace within a vicinity of a selected geographic region;
  
  using a security policy associated with the network, the security policy at least characterizing a first type of wireless activity in at least the part of the airspace to be permitted, a second type of wireless activity in at least the part of the airspace to be denied, and a third type of wireless activity in at least the part of the airspace to be ignored;
  
  providing one or more sniffer devices, the one or more sniffer devices being spatially disposed to cause at least the part of the airspace to be secured based on at least information associated with the security policy;
  
  using a computer model of the selected geographic region;
  
  inputting information associated with the one or more sniffer devices to the computer model of the selected geographic region, the information including at least location information associated with the one or more sniffer devices;
  
  using a radio signal propagation model;
  
  computing information associated with a radio coverage for the one or more sniffer devices based on at least information associated with the computer model of the selected geographic region, the inputted information, and information associated with the radio signal propagation model;
  
  displaying one or more regions associated with the computed radio coverage in relation to a layout of the selected geographic region on a display device to determine whether the one or more sniffer devices substantially cover at least the part of the airspace to be secured;
  
  monitoring at least a wireless activity in at least the part of the airspace using the one or more sniffer devices; and
  
  determining whether the monitored wireless activity is permitted, denied, or ignored based on at least information associated with the security policy, the security policy at least characterizing the first type of wireless activity to be permitted, the second type of wireless activity to be denied, and the third type of wireless activity to be ignored.

13. A method for preventing undesirable wireless communication in local area network of computing devices, the method comprising:
- providing a network to be protected;
  
  using a wireless security policy associated with the network to be protected, the wireless security policy at least characterizing a first type of wireless activity associated with a rouge access point device as denied, a second type of wireless activity between an authorized client wireless station and an external access point device as denied, and a third type of wireless activity between a neighbor'"'"'s client wireless station and an external access point device as ignored;
  
  detecting at least a wireless activity using one or more sniffer devices, the wireless activity being associated with a first access point device;
  
  performing a connectivity test to determine information associated with a connectivity status of the first access point device to the network to be protected, the connectivity test including transferring one or more marker packets at least through wireless side of the first access point device or at least from wired side of the network to be protected;
  
  classifying the first access point device as one of at least the rogue access point device and the external access point device based on at least the information associated with the connectivity status;
  
  determining whether the detected wireless activity is denied or ignored based on at least the wireless security policy and the classifying the first access point device;
  
  and initiating a prevention process in response to the detected wireless activity being determined as denied, the prevention process being directed to create hindrance to the detected wireless activity.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The method of claim 13, and further comprising providing a list of identities of authorized client wireless stations.
  - 15. The method of claim 14, and further comprising determining a first client wireless station to be a neighbor'"'"'s client wireless station if the identity of the first client wireless station is not on the list of the identities of the authorized client wireless stations.
  - 16. The method of claim 13 wherein the wireless security policy at least further characterizes a fourth type of wireless activity associated with an authorized access point device as denied if the authorized access point device connects at least a portion of wireless traffic to a first network segment which is different from a predetermined network segment, the first network segment and the predetermined network segment being associated with the network to be protected.
  - 17. The method of claim 16 wherein the classifying the first access point device comprises classifying the first access point device as one of at least the rogue access point device, the external access point device, and the authorized access point device connecting at least the portion of wireless traffic to a network segment which is different from the predetermined network segment based on at least the information associated with the connectivity status.
  - 18. The method of claim 13 wherein the prevention process includes an over-the-air prevention process.
  - 19. The method of claim 18 wherein the over-the-air prevention process includes at least one selected from a group consisting of a forced deauthentication process, a virtual jamming process, a selective virtual jamming process, an AP flooding process, and an ACK collision process.
  - 20. The method of claim 13 wherein each of the performing the connectivity test, the classifying the first access point device, the determining whether the detected wireless activity is denied or ignored, and the initiating a prevention process is performed automatically.
  - 21. The method of claim 13, whereinthe one or more marker packets are transferred through the wireless side of the first access point device, and whereinthe performing the connectivity test further comprises determining whether at least one of the one or more marker packets is detected on the wired side of the network to be protected.
  - 22. The system of claim 13, whereinthe one or more marker packets are transferred from the wired side of the network to be protected, and whereinthe performing the connectivity test further comprises determining whether at least one of the one or more marker packets is detected on the wireless side of the first access point device.

23. A system for preventing undesirable wireless communication in local area network of computing devices, the system comprising:
- one or more radio interfaces;
  
  one or more processor units;
  
  and one or more computer readable media storing instructions which are executable by the one or more processor units to execute steps of;
  
  detecting at least a wireless activity using at least one of the one or more radio interfaces, the wireless activity being associated with a first access point device;
  
  performing a connectivity test to determine information associated with a connectivity status of the first access point device to a network to be protected, the connectivity test including transferring one or more marker packets at least through wireless side of the first access point device or at least from wired side of the network to be protected;
  
  classifying the first access point device as one of at least a rogue access point device and an external access point device based on at least the information associated with the connectivity status;
  
  determining whether the detected wireless activity is denied or ignored based on at least a wireless security policy and the classifying the first access point device, the wireless security policy at least characterizing a first type of wireless activity associated with a rouge access point device as denied, a second type of wireless activity between an authorized client wireless station and an external access point device as denied, and a third type of wireless activity between a neighbor'"'"'s client wireless station and an external access point device as ignored; and
  
  initiating a prevention process in response to the detected wireless activity being determined as denied, the prevention process being directed to create hindrance to the detected wireless activity.
- View Dependent Claims (24, 25, 26)
- - 24. The system of claim 23 wherein the wireless security policy at least further characterizes a fourth type of wireless activity associated with an authorized access point device as denied if the authorized access point device connects at least a portion of wireless traffic to a first network segment which is different from a predetermined network segment, the first network segment and the predetermined network segment being associated with the network to be protected.
  - 25. The system of claim 23, whereinthe one or more marker packets are transferred from at least one of the one or more radio interfaces through the wireless side of the first access point device, and whereinthe performing the connectivity test further comprises determining whether at least one of the one or more marker packets is detected on the wired side of the network to be protected.
  - 26. The system of claim 23, whereinthe one or more marker packets are transferred from the wired side of the network to be protected, and whereinthe performing the connectivity test further comprises determining whether at least one of the one or more marker packets is detected on the wireless side of the first access point device using at least one of the one or more radio interfaces.

27. A method for monitoring wireless access in local area computer networks, the method comprising:
- receiving security policy information, the security policy information at least identifying a first authorized access point and a first network segment of a local area computer network such that the first authorized access point is permitted to connect at least a portion of wireless traffic within an airspace associated with the local area computer network with the first network segment;
  
  determining identity information of a second network segment of the local area computer network to which the first authorized access point actually connects at least a portion of wireless traffic within the airspace;
  
  comparing the identity information of the second network segment with the identity information of the first network segment;
  
  ascertaining that the second network segment is different from the first network segment; and
  
  generating indication of violation of the security policy based upon the ascertaining.
- View Dependent Claims (28, 29, 30, 31, 32, 33)
- - 28. The method of claim 27, wherein the indication comprises indication of misconfiguration of the first authorized access point.
  - 29. The method of claim 27, wherein the indication initiates a process of preventing the first authorized access point from connecting at least a portion of wireless traffic within the airspace with the local area computer network.
  - 30. The method of claim 27, wherein the identity information of at least the first network segment or at least the second network segment comprises a subnetwork number of the network segment.
  - 31. The method of claim 27, wherein the determining the identity information of the second network segment of the local area computer network to which the first authorized access point actually connects the at least the portion of wireless traffic within the airspace is performed by transferring one or more marker packets for detection of connectivity status of the first authorized access point.
  - 32. The method of claim 31, wherein the one or more marker packets are transferred through wireless side of the first authorized access point and are detected on a wired side of the local area computer network.
  - 33. The method of claim 31, wherein the one or more marker packets are transferred from wired side of the local area computer network and are detected on wireless side of the first authorized access point.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arista Networks, Inc.
Original Assignee
Airtight Networks Incorporated (Arista Networks, Inc.)
Inventors
King, David C., Rawat, Jai, Chaskar, Hemant, Bhagwat, Pravin
Primary Examiner(s)
LY, ANH VU H

Application Number

US11/532,811
Publication Number

US 20070025313A1
Time in Patent Office

1,471 Days
Field of Search

370/338
US Class Current

370/338
CPC Class Codes

H04K 2203/18   for wireless local area net...

H04K 3/65   using deceptive jamming or ...

H04K 3/86   related to preventing decep...

H04K 3/94   related to allowing or prev...

H04L 41/28   Restricting access to netwo...

H04L 61/103   across network layers, e.g....

H04L 61/2514   between local and global IP...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

H04W 12/069   using certificates or pre-s...

H04W 12/088   using filters or firewalls

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

121 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links