1. Field of the Invention
The present invention generally relates to the field of network access mechanisms, and more particularly, to a system and method for proactive network management that enables secure multi-level network access in a peer-to-peer and infrastructure setup using a service set identifier (SSID) field.
2. Discussion of the Background
A service set identifier (SSID) is a unique label that distinguishes one wireless local area network (WLAN) from another. Wireless devices use the SSID to establish and maintain connectivity. As part of the association process, a wireless network interface card (NIC) must have the same SSID as the access point or peer device. An SSID includes up to thirty-two alphanumeric characters, which are case sensitive. Because an SSID may be sniffed in plain text from a packet, it does not supply any security to the network.
Traditional access points are only capable of supporting a single SSID. In the case of peer-to-peer networks, typically, each device can maintain only a single ad hoc connection at a time. Many companies these days, however, are offering enterprise-class access points that support multiple SSIDs. This logically divides the access point into several virtual access points, all within a single hardware platform. Many companies want to take advantage of this technology, because using access points to support more than one application, such as public Internet access, inventory control, and the like, increases flexibility and keeps costs down.
The use of multiple SSIDs also means more flexibility when deploying a shared WLAN infrastructure. Instead of supporting only one type of application, possibly one that requires significant authentication and encryption, the WLAN can also maintain other applications that don't require such stringent controls. For example, the access point could support both public and operational users from a single access point.
The benefits of a shared infrastructure are cost savings and the enabling of mobile applications. For example, rather than having two separate WLANs (which probably isn't feasible), a company can deploy one WLAN and satisfy all requirements. The combination of multiple applications enables the ones having lower return on investment to be part of the WLAN. Sometimes a company needs to have several applications supported together to make the costs of deploying a WLAN feasible.
Because SSIDs are not encrypted or otherwise scrambled, an SSID is easy to grab by snooping the WLAN for SSID broadcast messages coming from a device or access point. Knowing a network's SSID brings hackers one step closer to a successful intrusion. While disabling SSID broadcast is one of many techniques for tightening security on a wireless Ethernet (e.g., Wi-Fi) network, this technique is not 100% effective, as hackers can still detect the SSID by sniffing different messages in the Wi-Fi protocol. In the case of ad hoc connections, disabling SSID broadcast is not even an option.
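The point above, that suppressing SSID broadcast does not conceal the network name, is illustrated by the following added example, which is not part of the original text: a parser for the SSID element of 802.11 management frames, run over a beacon with a zero-length SSID and a probe response from the same BSSID. The BSSID, the name "ops-floor" and the frame bytes are constructed for illustration, and the frames are assumed to carry no radiotap header or FCS.

```python
# Fixed-field length before the tagged elements, per management subtype:
# 0 = association request, 4 = probe request, 5 = probe response, 8 = beacon.
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
MAC_HDR = 24  # frame control, duration, three addresses, sequence control

def extract_ssid(frame: bytes):
    """Return (subtype, bssid, ssid) or None if not a handled management frame.
    ssid is b"" for a zero-length ("hidden") element, None if the element is absent."""
    if len(frame) < MAC_HDR:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3
    pos, ssid = MAC_HDR + FIXED_LEN[subtype], None
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break  # truncated element: stop rather than read past the frame
        if eid == 0:  # SSID element, at most 32 octets, carried unencrypted
            ssid = body if elen <= 32 else None
            break
        pos += 2 + elen
    return subtype, bssid, ssid

def names_by_bssid(frames):
    """Map each BSSID to the set of non-empty SSIDs seen in any frame."""
    seen = {}
    for f in frames:
        parsed = extract_ssid(f)
        if parsed and parsed[2] and parsed[2].strip(b"\x00"):
            seen.setdefault(parsed[1], set()).add(parsed[2].decode("utf-8", "replace"))
    return seen

# --- constructed sample frames (illustrative values only) ---
def _mgmt(subtype, bssid, fixed, elements):
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    return hdr + fixed + elements

BSSID = bytes.fromhex("020000000001")
RATES = b"\x01\x04\x02\x04\x0b\x16"  # supported-rates element following the SSID
BEACON_HIDDEN = _mgmt(8, BSSID, b"\x00" * 12, b"\x00\x00" + RATES)
PROBE_RESP = _mgmt(5, BSSID, b"\x00" * 12, b"\x00\x09ops-floor" + RATES)

if __name__ == "__main__":
    print(extract_ssid(BEACON_HIDDEN))
    print(names_by_bssid([BEACON_HIDDEN, PROBE_RESP]))
```

The beacon alone yields an empty name, but the probe response from the same BSSID carries it in clear text, which is why a hidden SSID cannot serve as an access control.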
Therefore, there is a need for a method and system for preventing rogue devices from accessing an ad hoc connection, preventing an accidental connection to rogue ad hoc connections, and providing additional network access levels for peer-to-peer networks.