I. Field of the Invention
The present invention generally relates to communications. More particularly, the invention relates to systems and methods for detecting a wireless access device on a network.
II. Background Information
Recently, wireless access devices (also known as wireless access points or “WAPs”) have emerged to provide users with a wireless connection to a network. For example, a user with a laptop computer configured with a wireless network interface card may access a network through a wireless access device. The wireless access device thus serves as a gateway, connecting the user's computer to a network, such as the Internet, corporate intranet, or residential local area network.
With increased frequency, office buildings and homes are being outfitted with wireless access devices to enable users to wirelessly connect to networks, such as the Internet. Indeed, the IEEE (Institute of Electrical and Electronic Engineers) has promulgated a series of standards under IEEE 802.11 to promote wireless local area networks. As such, inexpensive wireless products have exploded onto the marketplace.
Although these wireless local area networks free users from their wired network connections, wireless access devices pose a significant risk to network security. Since the wireless access devices are inexpensive and relatively easy to install, a user can readily install a wireless access device without any authorization or assistance from information technology personnel. These unauthorized (or rogue) wireless access devices represent an open door to private corporate networks (or intranets). In essence, these rogue devices permit anyone within radio frequency range of the wireless access device to connect to a network using a computer and a wireless network interface card compatible with, for example, IEEE 802.11(b), the IEEE standard defining requirements of wireless local area networks and devices that interface to such networks.
Past approaches of detecting wireless access devices are simply not practical or reliable. For example, a physical inspection of a network is one way to detect a wireless access device. But a physical inspection of a large network is impractical because the inspector will have to travel to every point on the network and physically inspect all points of the network. Another way of detecting a wireless access device is with the use of a radio frequency “sniffer” that queries the wireless access device for a response. However, with the limited radio range of a wireless access device, using a sniffer is only marginally better than a physical inspection, since the inspector will still need to travel to all points on the network. Lastly, past approaches that identified wireless access devices through the wired network itself, used address information, such as the OUI (Organizationally Unique Identifier) contained within the MAC (Media Access Control) address. But using the MAC address is unreliable since too many devices may be incorrectly identified as a wireless access device. Accordingly, a practical and reliable way of detecting wireless access devices is needed.