US2007189194A1PendingUtilityA1

Method and System for Wireless LAN Dynamic Channel Change with Honeypot Trap

49
Assignee: AIRDEFENSE INCPriority: May 20, 2002Filed: May 8, 2006Published: Aug 16, 2007
Est. expiryMay 20, 2022(expired)· nominal 20-yr term from priority
H04W 88/08H04L 63/1416H04L 63/1441H04L 41/06H04L 63/1408H04L 63/1491H04W 12/122H04W 12/125
49
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A network security system includes a system data store capable of storing a variety of data associated with a wireless computer network and communication transmitted thereon, a communication interface supporting wireless communication over the wireless computer network and a system processor. Configuration data associated with an access point on a wireless computer network potentially compromised by an intruder is received. Information contained within and/or derived from the received configuration data is stored. Communication with the intruder is continued by emulating the identification characteristics of the potentially compromised access point. A channel change request is transmitted to the potentially compromised access point to reroute communication between the potentially compromised access point and authorized stations such that communications may continue on a different channel.

Claims

exact text as granted — not AI-modified
1 - 15 . (canceled)  
   
   
       16 . A method for wireless intrusion protection, comprising: 
 outlining at least one portion of a network to be protected, said at least one portion of the network occupying a physical region, the physical region comprising an airspace through which wireless signals can be transmitted;    defining a security policy associated with the airspace to protect said at least one portion of the network, the security policy at least defining a type of wireless activity which constitutes a violation of the security policy;    deploying one or more sensor devices within said at least one portion of the network, the one or more sensor devices being arranged within the physical region comprising the airspace, the one or more sensor devices being configured to cause at least a portion of the airspace to be secured according to the security policy;    deploying a host system on the network;    monitoring wireless signals in the airspace using said one or more sensor devices;    determining whether a wireless signal is intended to communicate to said at least one portion of the network;    detecting a violation of the security policy based at least upon the determining step and the monitoring step;    automatically initiating an action based upon the violation in accordance with the security policy for the airspace to protect said at least one portion of the network.    
   
   
       17 . The method of  claim 16 , wherein the action comprises notifying an administrator responsive to detection of the violation.  
   
   
       18 . The method of  claim 16 , wherein the action comprises selectively restricting one or more wireless devices associated with the violation, thereby hindering engagement in communication between the one or more wireless devices and the network.  
   
   
       19 . The method of  claim 18 , wherein selectively restricting one or more wireless devices does not influence communications originating from or destined for other wireless devices.  
   
   
       20 . The method of  claim 16 , wherein the network comprises a secure wired network.  
   
   
       21 . The method of  claim 20 , wherein devices residing on the secure wired network encrypt communications.  
   
   
       22 . The method of  claim 16 , wherein the network is susceptible to attacks originating from the airspace and transmitted into the network using an access point coupled to said at least one portion of the network.  
   
   
       23 . The method of  claim 16 , wherein the violation is associated with an unauthorized wireless device attempting to communicate with devices coupled to the network.  
   
   
       24 . The method of  claim 16 , further comprising ignoring wireless signals that are intended for receipt by an unrelated network.  
   
   
       25 . The method of  claim 16 , wherein the violation comprises an authorized device operating outside of predefined parameters associated with the device.  
   
   
       26 . The method of  claim 25 , wherein the predefined parameters include a predefined physical region of operation.  
   
   
       27 . The method of  claim 25 , wherein the predefined parameters include configuration parameters.  
   
   
       28 . The method of  claim 16 , wherein the violation comprises a spoofing attack.  
   
   
       29 . The method of  claim 16 , wherein the sensor devices transmit wireless signals into the airspace to determine status of wireless devices in the physical region.  
   
   
       30 . The method of  claim 29 , wherein the status includes connectivity status with the network.  
   
   
       31 . The method of  claim 16 , wherein the one or more sensor devices comprise a detection region of coverage.  
   
   
       32 . The method of  claim 16 , wherein the one or more sensor devices comprise a prevention region of coverage.  
   
   
       33 . The method of  claim 16 , further comprising modeling coverage associated with the one or more sensor devices.  
   
   
       34 . The method of  claim 16 , wherein the action comprises filtering wireless signals originating from a wireless device associated with the violation.  
   
   
       35 . A wireless intrusion protection system, comprising: 
 one or more monitoring modules deployed within a physical region proximate to a network, the physical region comprising an airspace through which wireless signals propagate, the one or more sensor devices implementing a security policy defining at least a type of activity which comprises a violation of the security policy and being configured to protect the network, and to provide an indication of the violation;    a host module configured to communicate with the one or more monitoring modules regarding security policy for the network to be protected, and to provide central management for the one or more monitoring modules, individually or collectively;    wherein the one or more monitoring modules are configured to receive wireless signals propagating in the airspace and to apply the security policy to determine whether any of the wireless signals are associated with violations of the security policy;    a protection module configured perform an action responsive to the indication of the security violation in accordance with the security policy.    
   
   
       36 . The system of  claim 35 , wherein action is tailored based upon which of a plurality of policies comprising the security policy was violated.  
   
   
       37 . The system of  claim 35 , wherein the action comprises notifying an administrator in response to a minor security policy violation.  
   
   
       38 . The system of  claim 35 , wherein the action comprises a selective restriction of one or more wireless devices associated with the violation of the security policy by inhibiting the engagement of the one or more wireless devices with network devices coupled to the network.  
   
   
       39 . The system of  claim 38 , wherein the selective restriction does not affect the operation of the network devices.  
   
   
       40 . The system of  claim 35 , wherein the action comprises selectively restricting traffic originating from a wireless device associated with the violation.  
   
   
       41 . The system of  claim 35 , wherein the airspace renders the network vulnerable to intrusions into the network using the airspace.  
   
   
       42 . The system of  claim 35 , wherein the security policy is further configured to identify wireless traffic destined for another network.  
   
   
       43 . The system of  claim 35 , wherein the security policy is further configured to identify wireless traffic which does not violate the security policy.  
   
   
       44 . Computer readable storage media storing instructions that upon execution by a system processor causes the system processor to perform steps comprising: 
 outlining at least one portion of a network to be protected, said at least one portion of the network occupying a physical region, the physical region comprising an airspace through which wireless signals can be transmitted;    defining a security policy associated with the airspace to protect said at least one portion of the network, the security policy at least defining a type of wireless activity which constitutes a violation of the security policy;    deploying one or more sensor devices within said at least one portion of the network, the one or more sensor devices being arranged within the physical region comprising the airspace, the one or more sensor devices being configured to cause at least a portion of the airspace to be secured according to the security policy;    deploying a host system on the network;    monitoring wireless signals in the airspace using said one or more sensor devices; determining whether a wireless signal is intended to communicate to said at leas one portion of the network;    detecting a violation of the security policy based at least upon the determining step and the monitoring step;    automatically initiating an action based upon the violation in accordance with the security policy for the airspace to protect said at least one portion of the network.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.