Abstract: A method for classifying radio interfaces in a wireless network. The method includes transferring an unknown MAC address associated with a radio interface of a communication device through a wireless medium and detecting the unknown MAC address on the wireless medium using a first sniffer device. The method also includes transferring information through an access point coupled to a wired medium utilizing the radio interface of the wireless communication device. The information includes the unknown MAC address. The method further includes detecting the unknown MAC address on the wired medium using a second sniffer device and classifying the radio interface as an authorized radio interface based upon detecting the unknown MAC address on the wireless medium and detecting the unknown MAC address on the wired medium.

Abstract: A method, a multi-tenant security server apparatus and associated system for securing wireless communication of devices. The method includes transferring security policy configuration information from the security server to wireless devices. The method also includes ascertaining compliance of wireless activity of the wireless devices with the security policy configuration using client software modules installed on the wireless devices.

Abstract: A method for arbitrating use of wireless medium for transmission of wireless signals within a selected local geographic region. The selected local geographic region comprises a first set of a plurality of devices to be allowed to transmit wireless signals and a second set of one or more devices to be substantially restricted from transmitting wireless signals. The method includes providing identity information associated with the first set of wireless devices. The method includes transmitting over a wireless medium at least one packet for each of the wireless devices in the first set. The at least one packet for each of the wireless devices includes an identity information, including an address, associated with that wireless device. That wireless device is a recipient of the one packet on the wireless medium. The at least one packet also has a selected value in a duration field of at least the one packet.

Abstract: A method for disrupting unauthorized communications between at least two communication devices is provided. The method comprises using an address resolution protocol (ARP) to redirect transfer of data that occurs using unauthorized wireless communication between a first wireless device and a second wireless device. In a preferred embodiment, the method maintains a layer two wireless link while the data are being redirected.

Abstract: According to an embodiment of the present invention, the wireless activity in a geographic area containing LAN connection ports is monitored using one or more sensor devices, called sniffers. By analyzing said wireless activity, one or more APs that are operating in said geographic area are identified. The active APs so identified are classified into three categories, namely “authorized” APs (those that are allowed by network administrator), “unauthorized” APs (those that are not allowed by the network administrator, but are still connected to the LAN of interest) and “external” APs (those that are not allowed by network administrator but are not connected to the LAN of interest, for example APs connected to the neighbor's LAN) by conducting one or more tests. The sniffers continue to monitor the selected geographic area to detect any wireless station attempting to connect to or communicating with the one or more identified unauthorized APs.

Abstract: A Software-as-a-Service (SaaS) based method for providing wireless vulnerability management for local area computer networks. The method includes providing a security server being hosted by a service provider entity to provide analysis of data associated with wireless vulnerability management for a plurality of local area computer networks of a plurality of customer entities, respectively. The method includes creating a workspace for wireless vulnerability management for a customer entity on the security server and receiving configuration information associated with the workspace. The method also includes supplying one or more sniffers to the customer entity. The method includes receiving at the security server information associated with wireless activity monitored by the one or more sniffers at premises of the customer entity and processing the received information within the workspace for the customer entity using the security server.

Abstract: A Software-as-a-Service (SaaS) based method for providing wireless vulnerability management for local area computer networks. The method includes providing a security server being hosted by a service provider entity to provide analysis of data associated with wireless vulnerability management for a plurality of local area computer networks of a plurality of customer entities, respectively. The method includes creating a workspace for wireless vulnerability management for a customer entity on the security server and receiving configuration information associated with the workspace. The method also includes supplying one or more sniffers to the customer entity. The method includes receiving at the security server information associated with wireless activity monitored by the one or more sniffers at premises of the customer entity and processing the received information within the workspace for the customer entity using the security server.

Abstract: A method for arbitrating use of wireless medium for transmission of wireless signals within a selected local geographic region. The selected local geographic region comprises a first set of a plurality of devices to be allowed to transmit wireless signals and a second set of one or more devices to be substantially restricted from transmitting wireless signals. The method includes providing identity information associated with the first set of wireless devices. The method includes transmitting over a wireless medium at least one packet for each of the wireless devices in the first set. The at least one packet for each of the wireless devices includes an identity information, including an address, associated with that wireless device. That wireless device is a recipient of the one packet on the wireless medium. The at least one packet also has a selected value in a duration field of at least the one packet.

Abstract: A method for protecting wireless communications from denial of service attacks is provided. The method comprises establishing a first wireless connection between an access point device and a client device. The method also comprises receiving at the access point device a request for establishing a second wireless connection between the access point device and the client device while a state of the first wireless connection being an established state at an access point device side endpoint. The method comprises verifying whether the first wireless connection is in the established state at the client device side endpoint.

Abstract: A method for disrupting undesirable wireless communication in wireless network is provided. The method includes providing one or more sniffer devices to monitor wireless communications in a wireless network and detecting a wireless connection established between an access point device and a client device using the one or more sniffer devices. Preferably, the wireless connection is configured for not being disconnected upon receiving a spoofed disconnection request transmitted from a wireless device other than the access point device and the client device. The method also includes disrupting the wireless connection established between the access point device and the client device by transmitting one or more spoofed connection requests from at least one of the one or more sniffer devices.

Abstract: A system and method is provided for detecting wireless access devices coupled to local area network of computers. The method includes coupling a sniffer device to a local area network. The method includes transferring one or more packets to be directed to a selected device over the local area network. The selected device is preferably coupled to the local area network. The method includes intercepting the one or more packets to be directed to the selected device at the sniffer device. Moreover, the method includes deriving information from the intercepted one or more packets using the sniffer device. The method can generate one or more marker packets in a selected format using the sniffer device. The marker packets are provided based upon at least a portion of the information derived from the intercepted packets.

Abstract: Methods and systems for detecting a masquerading wireless device in a local area network are provided. The method includes receiving a first packet and a second packet. Preferably, the first packet includes a first identity information and a first time information, and the second packet includes a second identity information and a second time information. The method can compute, using the first time information, a first approximation to a starting time of a wireless device associated with the first identity information. The method can also compute, using the second time information, a second approximation to a starting time of a wireless device associated with the second identity information. The method further includes determining whether a masquerading wireless device is present in the local area network based on at least the first and second approximations.

Abstract: A system and method is provided for detecting wireless access devices coupled to local area network of computers. The method includes coupling a sniffer device to a local area network. The method includes transferring one or more packets to be directed to a selected device over the local area network. The selected device is preferably coupled to the local area network. The method includes intercepting the one or more packets to be directed to the selected device at the sniffer device. Moreover, the method includes deriving information from the intercepted one or more packets using the sniffer device. The method can generate one or more marker packets in a selected format using the sniffer device. The marker packets are provided based upon at least a portion of the information derived from the intercepted packets.

Abstract: A system and method for locating a wireless device in one or more wireless networks within a selected geographic region. The method includes generating a computer model of a selected geographic region including a layout and inputting information associated with one or more components of a wireless network into the computer model. The one or more components includes at least one or more sniffer devices. Additionally, the method includes determining signal intensity characteristics of the one or more components of the wireless network over at least a portion of the selected geographic region and receiving one or more wireless signals from one or more wireless devices. Moreover, the method includes determining a plurality of probabilities associated with a plurality of locations for at least one of the one or more wireless devices.

Abstract: An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus has a portable housing, which may have a length no greater than 1 meter, a width no greater than 1 meter, and a height of no greater than 1 meter. A processing unit (e.g., CPU) is within the housing. One or more wireless network interface devices are within the housing and are coupled to the processing unit. The apparatus has an Ethernet (or like) network interface device within the housing and coupled to the processing unit. A network connector is coupled to the Ethernet network device. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of a wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from at least one authorized device or at least an other device.

Abstract: An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus has a portable housing, which may have a length no greater than 1 meter, a width no greater than 1 meter, and a height of no greater than 1 meter. A processing unit (e.g., CPU) is within the housing. One or more wireless network interface devices are within the housing and are coupled to the processing unit. The apparatus has an Ethernet (or like) network interface device within the housing and coupled to the processing unit. A network connector is coupled to the Ethernet network device. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of a wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from at least one authorized device or at least an other device.

Abstract: A method for disrupting unauthorized communications between at least two communication devices is provided. The method comprises using an address resolution protocol (ARP) to redirect transfer of data that occurs using unauthorized wireless communication between a first wireless device and a second wireless device. In a preferred embodiment, the method maintains a layer two wireless link while the data are being redirected.

Abstract: A method and a system for scheduling instances of prevention processes for inhibiting undesirable wireless communication of wireless devices is provided. The method includes identifying a wireless device based on a detected undesirable wireless communication. The method can initiate an instance of a prevention process directed to the wireless device so identified. The prevention process can include AP flooding, deauthentication and the like. Preferably, the instance of the prevention process can inhibit the wireless device for certain duration. The method includes setting an inhibited time interval. Preferably, the inhibited time interval is associated with the duration for which the wireless device is inhibited due to the instance of the prevention process. Moreover, the method can perform scanning for other undesirable wireless communication and/or access point functionality during at least a portion of the inhibited time interval.

Abstract: A method for protecting local area networks within a selected local geographic region (e.g. office, apartment, building, coffee shop, hot-spot etc.) from wireless attacks, using a wireless sniffer apparatus. The method includes placing one or more wireless sniffer apparatus spatially to provide substantial radio coverage over at least a portion of the selected local geographic region comprising one or more local area networks. Moreover the method includes coupling one or more of the wireless sniffer apparatus to one or more of the local area networks.

Abstract: A method for protecting local area networks within a selected local geographic region (e.g. office, apartment, building, coffee shop, hot-spot etc.) from wireless attacks, using a wireless sniffer apparatus. The method includes placing one or more wireless sniffer apparatus spatially to provide substantial radio coverage over at least a portion of the selected local geographic region comprising one or more local area networks. Moreover the method includes coupling one or more of the wireless sniffer apparatus to one or more of the local area networks.