Abstract: Methods and systems for disrupting potential attacks on a wireless network through transmission of random data are disclosed. Specifically, this disclosure relates to systems and methods for disrupting the breaking of the secret key or passphrase by an adversary or rogue device for Wi-Fi networks using wired equivalent privacy (WEP) and Wi-Fi protected access (WPA).

Abstract: The present disclosure is directed to systems and methods for generating, managing, and displaying alarms associated with monitoring a wireless network. Advantageously, the present disclosure provides one alarm per security event, and the ability to see an event in context over time and aggregate information. This results in a significant reduction in alarm volume for wireless monitoring which increases manageability and reduces storage requirements. Further, this provides better security by avoiding the “needle in the haystack” problem where you see few actionable alarms rather than being flooded by multiple copies of the same event over time. Finally, the present disclosure provides improved system scalability with large deployments by managing alarms through lesser alarm volume, and through visual representation.

Abstract: An agent for monitoring a wireless device is provided. The agent compares communications against policy guidelines and determines whether a violation of the policy guidelines has been committed, and communicates information about the violation to an authorized user.

Abstract: A wireless network security system including a system data store capable of storing network default and configuration data, a wireless transmitter and a system processor. The system processor performs a network security method. An active defense request signal is received, typically from an intrusion detection system. The received request signal includes an indicator of an access point within the wireless computer network that is potentially compromised. In response to the received an active defense of the wireless network is triggered. The triggered active defense may be on or more of transmitting a jamming signal, transmitting a signal to introduce CRC errors, transmitting a signal to increase the difficulty associated with breaking the network encryption (typically by including in the signal packet appearing legitimate but containing randomized payloads, or transmitting a channel change request to the potentially compromised access point.

Abstract: Systems and methods for distributed monitoring of a wireless network using a plurality of wireless client devices in communication with the wireless network.

Abstract: Systems and methods of determining the content of frames transmitted on a wireless network through comparison of captured frames to predetermined statistical patterns.

Abstract: The present disclosure is directed to systems and methods for proactively enforcing a wireless free zone over an enterprise's airspace using Open Systems Interconnect (OSI) layer one, two, and three based techniques. The systems and methods prevent wireless communications over IEEE 802.11 (WiFi), IEEE 802.16 (WiMax), and IEEE 802.15.1 (Bluetooth) networks to enable an enterprise to enforce compliance to a no-wireless policy. Smart antennas and coverage planning are included to avoid disrupting a neighbor's wireless communications. Further, the disclosed systems and methods can be combined into existing Wireless Intrusion Prevention Systems (WIPS) or in a stand-alone sensor and server configuration to offer proactive no-wireless zones.

Abstract: A wireless network security system including a system data store capable of storing network default and configuration data, a wireless transmitter and a system processor. The system processor performs a network security method. An active defense request signal is received, typically from an intrusion detection system. The received request signal includes an indicator of an access point within the wireless computer network that is potentially compromised. In response to the received an active defense of the wireless network is triggered. The triggered active defense may be on or more of transmitting a jamming signal, transmitting a signal to introduce CRC errors, transmitting a signal to increase the difficulty associated with breaking the network encryption (typically by including in the signal packet appearing legitimate but containing randomized payloads, or transmitting a channel change request to the potentially compromised access point.

Abstract: Systems and methods for using wireless radios for spectral analysis. Systems and methods include using wireless radios that are included in wireless devices communicating on the wireless network to perform a spectral scan of frequencies on a wireless network.

Abstract: Security vulnerability assessment for wireless networks is provided. Systems and methods for security vulnerability assessment simulate an attack upon the wireless network, capture the response from the wireless network, and identify a vulnerability associated with the wireless network after analyzing the response from the wireless network.

Abstract: A wireless network security system including a system data store capable of storing network default and configuration data, a wireless transmitter and a system processor. The system processor performs a network security method. An active defense request signal is received, typically from an intrusion detection system. The received request signal includes an indicator of an access point within the wireless computer network that is potentially compromised. In response to the received an active defense of the wireless network is triggered. The triggered active defense may be on or more of transmitting a jamming signal, transmitting a signal to introduce CRC errors, transmitting a signal to increase the difficulty associated with breaking the network encryption (typically by including in the signal packet appearing legitimate but containing randomized payloads, or transmitting a channel change request to the potentially compromised access point.

Abstract: This application is directed to systems and methods for surveying a wireless network site. A wireless network receiver or proxy is contacted. One or more client identifiers are received from the contacted receiver or proxy. Coordinate information is also received from the contacted receiver or proxy. The received client identifiers are correlated with the received coordinate information. RF signal characteristic data is received from the contacted wireless network or proxy. Survey data is stored based on the received client identifiers, coordinate information, and RF signal characteristic data.

Abstract: Systems and methods for RFID intrusion protection are defined. The system uses RFID sensors coupled with one or more servers to detect unauthorized scanning or programming of RFID tags. The system has active defense mechanisms to block unauthorized communications between a rogue RFID reader and one or more tags. Special IPS tags implement active defenses and log activity for tags that are not within the protected perimeter or in transit.

Abstract: A network security system includes a system data store capable of storing a variety of data associated with an encrypted computer network and communications transmitted thereon, a communication interface supporting communication over a communication channel and a system processor. Data corresponding to communications transmitted over the encrypted communication network are received. One or more tests are applied to the received data to determine whether a particular communication represents a potential security violation. An alarm may be generated based upon the results of the applied test or tests.

Abstract: This application is directed to systems and methods for adaptively scanning for wireless communications. Scan data associated with scanning one or more wireless network channels based upon a scan pattern is received. Each wireless channel has a designation of primary or secondary with at least one channel having the secondary designation. A determination is made as to whether anomalous activity is present on a selected wireless channel designated as secondary. If anomalous activity is determined to be present, at least one scanning parameter of the selected channel is altered.

Abstract: This application is directed to systems and methods for adaptive monitoring of a wireless network with bandwidth constraints. A data unit from a wireless node is received. When a bandwidth constraint is satisfied, the received data unit is buffered. When the bandwidth constraint is not satisfied, the received or buffered data unit is transmitted to a monitoring processor. In some instances, downsampling, data discard and data aggregation can occur during the buffering process.

Abstract: Systems and methods of determining the content of frames transmitted on a wireless network through comparison of captured frames to predetermined statistical patterns.

Abstract: Methods and systems for disrupting potential attacks on a wireless network through transmission of random data.

Abstract: This application is directed to systems and methods for managing wireless network sensors. A plurality of wireless network sensors in the network region are identified. For each of the network sensors in the plurality of wireless network sensors, a designation of primary or secondary with respect to the network region is selected. A collection agent for the selected network region is determined. An indicator of the determined collection agent is communicated to the plurality of wireless network sensors in the network region. Scan data for the network region is received from the collection agent.

Abstract: The present invention is directed to systems and methods for automated detection of one or more wireless network policy violations and/or enforcement of such policies. A wireless network policy violation is detected. Associated with the detected violation are one or more wireless network attributes. A responsive corrective action is triggered which is based at least in part upon the detected violation, the associated wireless network attributes or combinations thereof. The corrective action can in some instances include a notification to a user or further system. In addition to, or instead of, a notification, the corrective action can include an attempt to configure one or more devices in the wireless network to correct, in whole or in part, the detected violation.