| Wireless Intrusion Detection System |
Article Index for Wireless |
Website Links For Wireless |
Information AboutWireless Intrusion Detection System |
|
PURPOSE The primary purpose of a WIPS is to prevent unauthorized wireless access to Local Area Network s and other information assets. These systems are typically implemented as an overlay to an existing Wireless LAN infrastructure, although they may be deployed standalone to enforce no-wireless policies within an organization. Large organizations with many employees are particularly vulnerable to security breaches caused by rogue access points. If an employee (trusted entity) in a location brings in an easily available Wireless Router , the entire network can be exposed to anyone within range of the signals. INTRUSION DETECTION A wireless Intrusion Detection system (WIDS) monitors the Radio Spectrum for the presence of unauthorized, Rogue Access Point s. The system monitors the Radio Spectrum used by Wireless LAN s, and immediately alerts a Systems Administrator whenever a Rogue Access Point is detected. Conventionally it is achieved by comparing the MAC Address of the participating wireless devices. Rogue devices can Spoof MAC address of an authorized network device as their own. New research uses Fingerprinting approach to weed out devices with spoofed MAC addresses. The idea is to compare the unique signatures exhibited by the signals emitted by each wireless device against the known signatures of pre-authorized, known wireless devices. EETimes news: ''University research aims at more secure Wi-Fi'' . INTRUSION PREVENTION In addition to intrusion detection, a WIPS also includes features that prevent against the threat ''automatically''. For automatic prevention, it is required that the WIPS is able to accurately detect and automatically classify a threat. The following types of threats can be prevented by a good WIPS:
IMPLEMENTATION Most WIPS configurations consist of three components:
A simple intrusion detection system can be a single computer, connected to a wireless signal processing device, and Antenna s placed throughout the facility. For huge organizations, a Multi Network Controller provides central control of multiple WIPS servers, while for SOHO or SMB customers, all the functionality of WIPS is available in single box. In a WIPS implementation, users first define the operating wireless policies in the WIPS. The WIPS sensors then anaylze the traffic in the air and send this information to WIPS server. The WIPS server correlates the information validates it against the defined policies and classifies if it is a threat. The threat is then notified to the administrator of WIPS, or, if a policy has ben set accordingly, the WIPS takes automatic protection measures. NOTABLE IMPLEMENTATIONS A commercial intrusion detection system with geolocation capability was originally developed by Cole Innovations in conjunction with the AFRL (Air Force Research Laboratory) Information Directorate in Rome, NY in 2001. The system could alert authorities in real-time as to where the attacker is located and what they are attempting to do. This was done to meet military security demands as they began to rely more heavily on wireless devices. The system has also integrated into law enforcement applications. SEE ALSO REFERENCES EXTERNAL LINKS
|
|
|