Abstract: The wireless activity in a geographic area containing LAN connection ports is monitored using one or more sensor devices, called sniffers. By analyzing said wireless activity, one or more APs that are operating in said geographic area are identified. The active APs so identified are classified into three categories, namely “authorized” APs (those that are allowed by network administrator), “unauthorized” APs (those that are not allowed by the network administrator, but are still connected to the LAN of interest) and “external” APs (those that are not allowed by network administrator but are not connected to the LAN of interest, for example APs connected to the neighbor's LAN) by conducting one or more tests. The sniffers detect any wireless station attempting to connect to or communicating with the one or more identified unauthorized APs. Upon identifying unauthorized AP and/or intruding wireless station an indication is transferred to the prevention process.

Abstract: A method for smart mobile devices monitoring in wireless local area networks. The method includes installing a wireless security monitoring system or a wireless access system in a local area network. The method includes configuring the wireless security monitoring system or the wireless access system to communicate with a mobile device management (MDM) system. The method includes detecting a wireless client connecting to the wireless local area network and identifying the wireless client to be a smart mobile device. Moreover, the method includes receiving an indication at the wireless security monitoring system or the wireless access system from the MDM system regarding whether the wireless client is a managed device or not. The method also includes classifying the wireless client as approved or unapproved smart mobile device based at least upon the indication received from the MDM system.

Abstract: A Software-as-a-Service (SaaS) based method for providing wireless vulnerability management for local area computer networks. The method includes providing a security server being hosted by a service provider entity to provide analysis of data associated with wireless vulnerability management for a plurality of local area computer networks of a plurality of customer entities, respectively. The method includes creating a workspace for wireless vulnerability management for a customer entity on the security server and receiving configuration information associated with the workspace. The method also includes supplying one or more sniffers to the customer entity. The method includes receiving at the security server information associated with wireless activity monitored by the one or more sniffers at premises of the customer entity and processing the received information within the workspace for the customer entity using the security server.

Abstract: An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus includes a processing unit. It includes a wireless network interface device and an Ethernet (or like) wired network interface device that are coupled to the processing unit. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from a wireless access point device that is operational about the selected local geographic region. A code is directed to performing connectivity test using one or more marker packets to determine connectivity status of the wireless access point device to network to be protected from intrusion. Depending upon the embodiment, other codes may exist to carry out the functionality described herein.

Abstract: A Software-as-a-Service (SaaS) based method for providing wireless vulnerability management for local area computer networks. The method includes providing a security server being hosted by a service provider entity to provide analysis of data associated with wireless vulnerability management for a plurality of local area computer networks of a plurality of customer entities, respectively. The method includes creating a workspace for wireless vulnerability management for a customer entity on the security server and receiving configuration information associated with the workspace. The method also includes supplying one or more sniffers to the customer entity. The method includes receiving at the security server information associated with wireless activity monitored by the one or more sniffers at premises of the customer entity and processing the received information within the workspace for the customer entity using the security server.

Abstract: The wireless activity in a geographic area containing LAN connection ports is monitored using one or more sensor devices, called sniffers. By analyzing said wireless activity, one or more APs that are operating in said geographic area are identified. The active APs so identified are classified into three categories, namely “authorized” APs (those that are allowed by network administrator), “unauthorized” APs (those that are not allowed by the network administrator, but are still connected to the LAN of interest) and “external” APs (those that are not allowed by network administrator but are not connected to the LAN of interest, for example APs connected to the neighbor's LAN) by conducting one or more tests. The sniffers detect any wireless station attempting to connect to or communicating with the one or more identified unauthorized APs. Upon identifying unauthorized AP and/or intruding wireless station an indication is transferred to the prevention process.

Abstract: A method, a multi-tenant security server apparatus and associated system for securing wireless communication of devices. The method includes transferring security policy configuration information from the security server to wireless devices. The method also includes ascertaining compliance of wireless activity of the wireless devices with the security policy configuration using client software modules installed on the wireless devices.

Abstract: A method for smart mobile devices monitoring in wireless local area networks. The method includes installing a wireless security monitoring system or a wireless access system in a local area network. The method includes configuring the wireless security monitoring system or the wireless access system to communicate with a mobile device management (MDM) system. The method includes detecting a wireless client connecting to the wireless local area network and identifying the wireless client to be a smart mobile device. Moreover, the method includes receiving an indication at the wireless security monitoring system or the wireless access system from the MDM system regarding whether the wireless client is a managed device or not. The method also includes classifying the wireless client as approved or unapproved smart mobile device based at least upon the indication received from the MDM system.

Abstract: An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus includes a processing unit. It includes a wireless network interface device and an Ethernet (or like) wired network interface device that are coupled to the processing unit. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from a wireless access point device that is operational about the selected local geographic region. A code is directed to performing connectivity test using one or more marker packets to determine connectivity status of the wireless access point device to network to be protected from intrusion. Depending upon the embodiment, other codes may exist to carry out the functionality described herein.

Abstract: A Software-as-a-Service (SaaS) based method for providing wireless vulnerability management for local area computer networks. The method includes providing a security server being hosted by a service provider entity to provide analysis of data associated with wireless vulnerability management for a plurality of local area computer networks of a plurality of customer entities, respectively. The method includes creating a workspace for wireless vulnerability management for a customer entity on the security server and receiving configuration information associated with the workspace. The method also includes supplying one or more sniffers to the customer entity. The method includes receiving at the security server information associated with wireless activity monitored by the one or more sniffers at premises of the customer entity and processing the received information within the workspace for the customer entity using the security server.

Abstract: A Software-as-a-Service (SaaS) based method for providing wireless vulnerability management for local area computer networks. The method includes providing a security server being hosted by a service provider entity to provide analysis of data associated with wireless vulnerability management for a plurality of local area computer networks of a plurality of customer entities, respectively. The method includes creating a workspace for wireless vulnerability management for a customer entity on the security server and receiving configuration information associated with the workspace. The method also includes supplying one or more sniffers to the customer entity. The method includes receiving at the security server information associated with wireless activity monitored by the one or more sniffers at premises of the customer entity and processing the received information within the workspace for the customer entity using the security server.

Abstract: A method and a system for detecting access point devices that provide unauthorized wireless access to local area computer networks is provided. The method includes transferring one or more marker packets to the wired portion of the local area network. The one or more marker packets include an authentication data that is computed based at least upon identify of the wirelessly active access point device and a secret key. The method includes processing one or more wireless frames transmitted from the wirelessly active access point device to extract and to verify at least a portion of the authentication data.

Abstract: A method for detecting address rotation by a device in a communication network includes receiving, at a first time, a first message transmitted by the device, receiving, at a second time, a second message transmitted by the device, and processing the first message to determine a first sequence number and a first transmitter address. The method also includes processing the second message to determine a second sequence number and a second transmitter address, determining that the second transmitter address is different from the first transmitter address, determining a time gap between the first time and the second time, and determining, based, in part, on the time gap, a sequence threshold value. The method further includes determining a sequence difference between the first sequence number and the second sequence number, determining that the sequence difference is less than the sequence threshold value, and providing an indication of address rotation by the device.

Abstract: A method for restricting one or more wireless devices from engaging in wireless communication within a selected local geographic region. The method includes receiving an indication comprising at least identity information. Preferably, the indication is associated with a selected wireless device, which is associated with an undesirable wireless communication within the selected local geographic region. The method includes selecting one or more processes directed to restrict the selected wireless device from engaging in wireless communication and performing a prioritized access to a wireless medium using at least one of one or more sniffer devices, which are spatially disposed within a vicinity of the selected local geographic region. The method transmits one or more packets from the at least one of one or more sniffer devices. Preferably, the one or more packets are directed to perform said one or more processes to restrict the selected wireless device.

Abstract: A method of estimating a location of a wireless device providing a wireless attack. The method includes disposing a number of sniffers in a geographic region and receiving a number of wireless signals at one or more of the number of sniffers. The method also includes processing the number of wireless signals to identify a subset of the number of wireless signals that are associated with the wireless device and determining a number of received signal strengths associated with the subset of the number of wireless signals. The method further includes providing an estimation of the location of the wireless device utilizing the determined received signal strengths associated with the subset of the number of wireless signals.

Abstract: Methods and systems for detecting a masquerading wireless device in a local area network are provided. The method includes receiving a first packet and a second packet. Preferably, the first packet includes a first identity information and a first time information, and the second packet includes a second identity information and a second time information. The method can compute, using the first time information, a first approximation to a starting time of a wireless device associated with the first identity information. The method can also compute, using the second time information, a second approximation to a starting time of a wireless device associated with the second identity information. The method further includes determining whether a masquerading wireless device is present in the local area network based on at least the first and second approximations.

Abstract: A method for monitoring a selected region of an airspace associated with local area networks of computing devices is provided. The method includes providing one or more segments of a legacy local area network to be protected in a selected geographic region. The legacy local area network is characterized by an unsecured airspace within the selected geographic region. The method includes determining a security policy associated with the one or more segments of the legacy local area network. The security policy at least characterizes a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored. Additionally, the method includes connecting one or more sniffer devices into the legacy local area network. The one or more sniffer devices are spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy.

Abstract: A method for arbitrating use of wireless medium for transmission of wireless signals within a selected local geographic region. The selected local geographic region comprises a first set of a plurality of devices to be allowed to transmit wireless signals and a second set of one or more devices to be substantially restricted from transmitting wireless signals. The method includes providing identity information associated with the first set of wireless devices. The method includes transmitting over a wireless medium at least one packet for each of the wireless devices in the first set. The at least one packet for each of the wireless devices includes an identity information, including an address, associated with that wireless device. That wireless device is a recipient of the one packet on the wireless medium. The at least one packet also has a selected value in a duration field of at least the one packet.

Abstract: A system and method is provided for detecting wireless access devices coupled to local area network of computers. The method includes coupling a sniffer device to a local area network. The method includes transferring one or more packets to be directed to a selected device over the local area network. The selected device is preferably coupled to the local area network. The method includes intercepting the one or more packets to be directed to the selected device at the sniffer device. Moreover, the method includes deriving information from the intercepted one or more packets using the sniffer device. The method can generate one or more marker packets in a selected format using the sniffer device. The marker packets are provided based upon at least a portion of the information derived from the intercepted packets.

Abstract: According to an embodiment of the present invention, the wireless activity in a geographic area containing LAN connection ports is monitored using one or more sensor devices, called sniffers. By analyzing said wireless activity, one or more APs that are operating in said geographic area are identified. The active APs so identified are classified into three categories, namely “authorized” APs (those that are allowed by network administrator), “unauthorized” APs (those that are not allowed by the network administrator, but are still connected to the LAN of interest) and “external” APs (those that are not allowed by network administrator but are not connected to the LAN of interest, for example APs connected to the neighbor's LAN) by conducting one or more tests. The sniffers continue to monitor the selected geographic area to detect any wireless station attempting to connect to or communicating with the one or more identified unauthorized APs.