Method and System for Wireless LAN Dynamic Channel Change with Honeypot Trap
Abstract
A network security system includes a system data store capable of storing a variety of data associated with a wireless computer network and communication transmitted thereon, a communication interface supporting wireless communication over the wireless computer network and a system processor. Configuration data associated with an access point on a wireless computer network potentially compromised by an intruder is received. Information contained within and/or derived from the received configuration data is stored. Communication with the intruder is continued by emulating the identification characteristics of the potentially compromised access point. A channel change request is transmitted to the potentially compromised access point to reroute communication between the potentially compromised access point and authorized stations such that communications may continue on a different channel.
Claims
exact text as granted — not AI-modified1 - 15 . (canceled)
16 . A method for wireless intrusion protection, comprising:
outlining at least one portion of a network to be protected, said at least one portion of the network occupying a physical region, the physical region comprising an airspace through which wireless signals can be transmitted; defining a security policy associated with the airspace to protect said at least one portion of the network, the security policy at least defining a type of wireless activity which constitutes a violation of the security policy; deploying one or more sensor devices within said at least one portion of the network, the one or more sensor devices being arranged within the physical region comprising the airspace, the one or more sensor devices being configured to cause at least a portion of the airspace to be secured according to the security policy; deploying a host system on the network; monitoring wireless signals in the airspace using said one or more sensor devices; determining whether a wireless signal is intended to communicate to said at least one portion of the network; detecting a violation of the security policy based at least upon the determining step and the monitoring step; automatically initiating an action based upon the violation in accordance with the security policy for the airspace to protect said at least one portion of the network.
17 . The method of claim 16 , wherein the action comprises notifying an administrator responsive to detection of the violation.
18 . The method of claim 16 , wherein the action comprises selectively restricting one or more wireless devices associated with the violation, thereby hindering engagement in communication between the one or more wireless devices and the network.
19 . The method of claim 18 , wherein selectively restricting one or more wireless devices does not influence communications originating from or destined for other wireless devices.
20 . The method of claim 16 , wherein the network comprises a secure wired network.
21 . The method of claim 20 , wherein devices residing on the secure wired network encrypt communications.
22 . The method of claim 16 , wherein the network is susceptible to attacks originating from the airspace and transmitted into the network using an access point coupled to said at least one portion of the network.
23 . The method of claim 16 , wherein the violation is associated with an unauthorized wireless device attempting to communicate with devices coupled to the network.
24 . The method of claim 16 , further comprising ignoring wireless signals that are intended for receipt by an unrelated network.
25 . The method of claim 16 , wherein the violation comprises an authorized device operating outside of predefined parameters associated with the device.
26 . The method of claim 25 , wherein the predefined parameters include a predefined physical region of operation.
27 . The method of claim 25 , wherein the predefined parameters include configuration parameters.
28 . The method of claim 16 , wherein the violation comprises a spoofing attack.
29 . The method of claim 16 , wherein the sensor devices transmit wireless signals into the airspace to determine status of wireless devices in the physical region.
30 . The method of claim 29 , wherein the status includes connectivity status with the network.
31 . The method of claim 16 , wherein the one or more sensor devices comprise a detection region of coverage.
32 . The method of claim 16 , wherein the one or more sensor devices comprise a prevention region of coverage.
33 . The method of claim 16 , further comprising modeling coverage associated with the one or more sensor devices.
34 . The method of claim 16 , wherein the action comprises filtering wireless signals originating from a wireless device associated with the violation.
35 . A wireless intrusion protection system, comprising:
one or more monitoring modules deployed within a physical region proximate to a network, the physical region comprising an airspace through which wireless signals propagate, the one or more sensor devices implementing a security policy defining at least a type of activity which comprises a violation of the security policy and being configured to protect the network, and to provide an indication of the violation; a host module configured to communicate with the one or more monitoring modules regarding security policy for the network to be protected, and to provide central management for the one or more monitoring modules, individually or collectively; wherein the one or more monitoring modules are configured to receive wireless signals propagating in the airspace and to apply the security policy to determine whether any of the wireless signals are associated with violations of the security policy; a protection module configured perform an action responsive to the indication of the security violation in accordance with the security policy.
36 . The system of claim 35 , wherein action is tailored based upon which of a plurality of policies comprising the security policy was violated.
37 . The system of claim 35 , wherein the action comprises notifying an administrator in response to a minor security policy violation.
38 . The system of claim 35 , wherein the action comprises a selective restriction of one or more wireless devices associated with the violation of the security policy by inhibiting the engagement of the one or more wireless devices with network devices coupled to the network.
39 . The system of claim 38 , wherein the selective restriction does not affect the operation of the network devices.
40 . The system of claim 35 , wherein the action comprises selectively restricting traffic originating from a wireless device associated with the violation.
41 . The system of claim 35 , wherein the airspace renders the network vulnerable to intrusions into the network using the airspace.
42 . The system of claim 35 , wherein the security policy is further configured to identify wireless traffic destined for another network.
43 . The system of claim 35 , wherein the security policy is further configured to identify wireless traffic which does not violate the security policy.
44 . Computer readable storage media storing instructions that upon execution by a system processor causes the system processor to perform steps comprising:
outlining at least one portion of a network to be protected, said at least one portion of the network occupying a physical region, the physical region comprising an airspace through which wireless signals can be transmitted; defining a security policy associated with the airspace to protect said at least one portion of the network, the security policy at least defining a type of wireless activity which constitutes a violation of the security policy; deploying one or more sensor devices within said at least one portion of the network, the one or more sensor devices being arranged within the physical region comprising the airspace, the one or more sensor devices being configured to cause at least a portion of the airspace to be secured according to the security policy; deploying a host system on the network; monitoring wireless signals in the airspace using said one or more sensor devices; determining whether a wireless signal is intended to communicate to said at leas one portion of the network; detecting a violation of the security policy based at least upon the determining step and the monitoring step; automatically initiating an action based upon the violation in accordance with the security policy for the airspace to protect said at least one portion of the network.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.