Wireless intrusion prevention system

In computing, a wireless intrusion prevention system (WIPS) is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection) and can automatically take countermeasures (intrusion prevention).

Purpose

The primary purpose of a WIPS is to prevent unauthorized network access to local area networks and other information assets by wireless devices. These systems are typically implemented as an overlay to an existing Wireless LAN infrastructure, although they may be deployed standalone to enforce no-wireless policies within an organization. Some advanced wireless infrastructure has integrated WIPS capabilities.

Large organizations with many employees are particularly vulnerable to security breaches caused by rogue access points. If an employee (trusted entity) in a location brings in an easily available wireless router, the entire network can be exposed to anyone within range of the signals.

Intrusion detection

A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally, this is achieved by comparing the MAC addresses of the participating wireless devices.

Rogue devices can spoof the MAC address of an authorized network device as their own. New research uses a fingerprinting approach to weed out devices with spoofed MAC addresses. The idea is to compare the unique signatures exhibited by the signals emitted by each wireless device against the known signatures of pre-authorized, known wireless devices. ("University research aims at more secure Wi-Fi", eetimes.com, http://www.eetimes.com/news/latest/showArticle.jhtml;jsessionid=GPLEDVT0ZRBKUQSNDLPSKH0CJUNN2JVN?articleID=192501255, accessed 2008-03-16)

Intrusion prevention

In addition to intrusion detection, a WIPS also includes features that prevent the threat automatically. Automatic prevention requires that the WIPS be able to accurately detect and automatically classify a threat.

The following types of threats can be prevented by a good WIPS:
* Rogue AP – a WIPS should understand the difference between a rogue AP and an external (neighbor’s) AP
* Misconfigured AP
* Client mis-association
* Unauthorized association
* Man-in-the-middle attack
* Ad hoc networks
* MAC spoofing
* Honeypot / evil twin attack
* Denial-of-service (DoS) attack

Implementation

Most WIPS configurations consist of three components:

* Sensors: These devices contain antennas and radios that scan the wireless spectrum for packets and are installed throughout areas to be protected
* Server: The WIPS server centrally analyzes packets captured by sensors
* Console: The console provides the primary user interface into the system for administration and reporting

A simple intrusion detection system can be a single computer connected to a wireless signal processing device, with antennas placed throughout the facility. For huge organizations, a Multi Network Controller provides central control of multiple WIPS servers, while for SOHO or SMB customers, all the functionality of a WIPS is available in a single box.

In a WIPS implementation, users first define the operating wireless policies in the WIPS. The WIPS sensors then analyze the traffic in the air and send this information to the WIPS server. The WIPS server correlates the information, validates it against the defined policies, and classifies whether it is a threat. The administrator of the WIPS is then notified of the threat or, if a policy has been set accordingly, the WIPS takes automatic protection measures.
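The policy, sensor, server and action flow described above can be sketched as follows. This is an added example, not code from any WIPS product: the `POLICY` layout, the `Observation` fields, the class labels and the `on_wire` flag are hypothetical. It assumes the server can tell whether an AP is attached to the protected wired network, which is what separates a rogue AP from a neighbor's external AP here.

```python
from dataclasses import dataclass, replace

POLICY = {  # administrator-defined policy; every value is a constructed sample
    "authorized_aps": {"02:00:00:00:00:01": ("corp", "WPA2"),
                       "02:00:00:00:00:02": ("corp", "WPA2")},
    "auto_prevent": {"rogue_ap", "evil_twin"},  # classes contained without an operator
}

@dataclass(frozen=True)
class Observation:  # one sensor report about an access point heard on the air
    sensor: str
    bssid: str
    ssid: str
    encryption: str
    on_wire: bool  # assumption: the server knows if the AP bridges to the wired LAN

def classify(obs, policy):
    aps = policy["authorized_aps"]
    if obs.bssid in aps:  # MAC comparison only; a spoofed BSSID would pass this check
        ok = (obs.ssid, obs.encryption) == aps[obs.bssid]
        return "authorized_ap" if ok else "misconfigured_ap"
    if obs.on_wire:
        return "rogue_ap"  # unauthorized and attached to the protected network
    if obs.ssid in {ssid for ssid, _ in aps.values()}:
        return "evil_twin"  # off-network AP advertising a managed SSID
    return "external_ap"  # neighbour's AP: not a threat, never acted on

def process(observations, policy):
    """Correlate reports per BSSID (wired link seen by any sensor counts), classify, act."""
    merged = {}
    for o in observations:
        o = replace(o, bssid=o.bssid.lower())
        prev = merged.get(o.bssid)
        merged[o.bssid] = replace(o, on_wire=o.on_wire or bool(prev and prev.on_wire))
    result = {}
    for bssid, o in merged.items():
        kind = classify(o, policy)
        benign = kind in ("authorized_ap", "external_ap")
        auto = kind in policy["auto_prevent"]
        result[bssid] = (kind, "none" if benign else "prevent" if auto else "alert")
    return result

SAMPLE = [  # constructed sensor reports
    Observation("s1", "02:00:00:00:00:01", "corp", "WPA2", True),
    Observation("s1", "02:00:00:00:00:02", "corp", "OPEN", True),
    Observation("s1", "02:00:00:00:00:AA", "linksys", "OPEN", False),
    Observation("s2", "02:00:00:00:00:aa", "linksys", "OPEN", True),
    Observation("s2", "02:00:00:00:00:bb", "corp", "OPEN", False),
    Observation("s2", "02:00:00:00:00:cc", "cafe-wifi", "WPA2", False),
]
```

`process(SAMPLE, POLICY)` maps each BSSID to a (classification, action) pair; the neighbor's AP ends up as `external_ap` with action `none`, so automatic prevention is only ever applied to classes named in the policy.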

Notable WIDS

The most famous WIDS is AirSnare.

Notable implementations

A commercial intrusion detection system with geolocation capability was originally developed by Cole Innovations in conjunction with the AFRL (Air Force Research Laboratory) Information Directorate in Rome, NY in 2002. The system could alert authorities in real time as to where the attacker was located and what they were attempting to do. This was done to meet military security demands as they began to rely more heavily on wireless devices. The system has also been integrated into law enforcement applications. This system was licensed out to NexusISR LLC (http://www.nexusisr.com) of Rochester, New York, US for manufacture and transition of the system to commercial markets as the Nexus Hornet.

See also

* Wardriving
* Wireless LAN Security

Wikimedia Foundation. 2010.
