Method for detecting rogue devices operating in wireless and wired computer network environments
First Claim
Patent Images
1. A computer implemented method, comprising:
- receiving, at a computing device connected to a network, a wireless Media Access Control (MAC) address for a wireless device connected to the network, wherein the wireless MAC address for the wireless device corresponds to a manufacturer for the wireless device;
determining that the wireless device is a rogue wireless device, wherein determining includes comparing the wireless MAC address for the wireless device with a list of valid wireless MAC addresses used by authorized wireless devices connected to the network;
determining a list of wired MAC addresses used by devices connected to the network using wired connections;
determining that elements of the wireless MAC address for the rogue wireless device match elements of a wired MAC address, wherein determining includes comparing elements of the wireless MAC address for the rogue wireless device with elements of the wired MAC addresses on the list of wired MAC addresses;
determining that the rogue wireless device is connected to the network over a wired connection based on the match;
assigning a security risk score to the rogue wireless device, wherein assigning includes using the wireless MAC address corresponding to the manufacturer; and
displaying the security risk score.
4 Assignments
0 Petitions
Accused Products
Abstract
A management of wireless and wired computer network environments in which rogue and other devices that may affect the performance and/or security of the wireless computer network can be detected. Specifically, the present invention discloses a method and system of detecting all interfaces, Media Access Control (MAC) addresses and radio MAC addresses (BSSIDs) affiliated with a rogue device and compiling this information into a database. As a result, the present invention reduces the number of alerts that one rogue device can generate and increases the accuracy and speed of locating the rogue device within a network.
-
Citations
21 Claims
-
1. A computer implemented method, comprising:
-
receiving, at a computing device connected to a network, a wireless Media Access Control (MAC) address for a wireless device connected to the network, wherein the wireless MAC address for the wireless device corresponds to a manufacturer for the wireless device; determining that the wireless device is a rogue wireless device, wherein determining includes comparing the wireless MAC address for the wireless device with a list of valid wireless MAC addresses used by authorized wireless devices connected to the network; determining a list of wired MAC addresses used by devices connected to the network using wired connections; determining that elements of the wireless MAC address for the rogue wireless device match elements of a wired MAC address, wherein determining includes comparing elements of the wireless MAC address for the rogue wireless device with elements of the wired MAC addresses on the list of wired MAC addresses; determining that the rogue wireless device is connected to the network over a wired connection based on the match; assigning a security risk score to the rogue wireless device, wherein assigning includes using the wireless MAC address corresponding to the manufacturer; and displaying the security risk score. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system comprising:
-
one or more processors; a non-transitory computer readable medium communicatively coupled to the one or more processors, the non-transitory computer readable medium including instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including; receiving a wireless Media Access Control (MAC) address for a wireless device connected to a network, wherein the wireless MAC address for the wireless device corresponds to a manufacturer for the wireless device; determining that the wireless device is a rogue wireless device, wherein determining includes comparing the wireless MAC address for the wireless device with a list of valid wireless MAC addresses used by authorized wireless devices connected to the network; determining a list of wired MAC addresses used by devices connected to the network using wired connections; determining that elements of the wireless MAC address for the rogue wireless device match matches elements of a wired MAC address, wherein determining includes comparing elements of the wireless MAC address for the rogue wireless device with elements of the wired MAC addresses on the list of wired MAC addresses; determining that the rogue wireless device is connected to the network over a wired connection based on the match; assigning a security risk score to the rogue wireless device, wherein assigning includes using the wireless MAC address corresponding to the manufacturer; and displaying the security risk score. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable medium comprising instructions that, when executed by one or more processors, cause the one or more processors to perform operations including:
-
receiving a wireless Media Access Control (MAC) address for a wireless device connected to a network, wherein the wireless MAC address for the wireless device corresponds to a manufacturer for the wireless device; determining that the wireless device is a rogue wireless device, wherein determining includes comparing the wireless MAC address for the wireless device with a list of valid wireless MAC addresses used by authorized wireless devices connected to the network; determining a list of wired MAC addresses used by devices connected to the network using wired connections; determining that elements of the wireless MAC address for the rogue wireless device match elements of a wired MAC address, wherein determining includes comparing elements of the wireless MAC address for the rogue wireless device with elements of the wired MAC addresses on the list of wired MAC addresses; determining that the rogue wireless device is connected to the network over a wired connection based on the match; assigning a security risk score to the rogue wireless device, wherein assigning includes using the wireless MAC address corresponding to the manufacturer; and displaying the security risk score. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification