Wireless intrusion detection system

From Wikipedia, the free encyclopedia

A wireless intrusion detection system (WIDS) is a network device that monitors the radio spectrum for the presence of unauthorized, rogue access points.

Large organizations with many employees are particularly vulnerable to security breaches caused by rogue access points. If an employee (trusted entity) in a location brings in an easily available wireless router, the entire network can be exposed to anyone within range of the signals.

A typical wireless intrusion detection system consists of a network appliance, which can be a simple computer, connected to a wireless signal processing device, and antennas placed throughout the facility. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the participating wireless devices.

Rogue devices can spoof MAC address of an authorized network device as their own. New research uses fingerprinting approach to weed out devices with spoofed MAC addresses. The idea is to compare the unique signatures exhibited by the signals emitted by each wireless device against the known signatures of pre-authorized, known wireless devices. ^[1]

[edit] See also

• Wireless intrusion prevention system
• Wardriving

[edit] References

[edit] External links

• http://www.wirelessve.org/
• http://www.acsac.org/2003/case/thu-c-1330-Pleskonjic.pdf
• http://www.conwex.info/Dragan_Pleskonjic.html
• http://www.conwex.info/products_solutions.html