The market adoption of wireless LAN (WLAN) technology has exploded, as users from a wide range of backgrounds and vertical industries brought this technology into their homes, offices, and increasingly into the public air space. This inflection point highlighted not only the limitations of earlier-generation systems, but the changing role WLAN technology now plays in people's work and lifestyles, across the globe. Indeed, WLANs are rapidly changing from convenience networks to business-critical networks. Increasingly users are depending on WLANs to improve the timeliness and productivity of their communications and applications, and in doing so, require greater visibility, security, management, and performance from their network.
As enterprises and other entities increasingly rely on wireless networks, security of wireless network environments becomes a critical component to ensure the integrity of the enterprise's network environment against unauthorized access. Indeed, wireless networks pose security risks not encountered in wired computer network, since any wireless client in the coverage area of an access point can potentially gain access to the network without a physical connection. In an 802.11 wireless network, prior art security mechanisms are implemented in a variety of manners. For example, the 802.11 protocol provides for shared-key authentication according to which a wireless client must possess a shared secret key in order to establish a wireless connection with an access point. In addition, as with wired networks, the wireless network infrastructure can operate in connection with application level security mechanisms, such as a RADIUS or other authentication server, to control access to network resources.
To establish a wireless connection with an access point, a wireless client or station (STA) transmits probe requests to discover the access point(s) within range. After selecting an access point, the wireless client transmits an authentication request to the selected access point. With open system authentication, the access point responds to the request, either accepting or rejecting the request. With shared-key authentication, the access point transmits a challenge response. To authenticate, the wireless must send an encrypted version of the challenge response (using a shared key) in an authentication frame back to the access point.
As one skilled in the art recognizes, each time an access point interacts with a wireless client associated with a malicious, unauthorized user, there is a risk that the malicious user can gain access to the network environment. After failing to connect at a first access point, a malicious or unauthorized user may simply move to another access point and attempt to establish a wireless connection. In prior art wireless network environments, however, there exists no mechanism for coordinating or distributing security policy across access points. Accordingly, the knowledge gleaned from interaction with a given wireless client at the first access point essentially goes unused when the user moves to a different coverage area and new access point, exposing the network to a new round of attacks.
In light of the foregoing, a need in the art exists for methods, apparatuses and systems that facilitate the distribution of security information across access points associated with a wireless network environment. A need further exists for methods, apparatuses, and systems that allow for the sharing of security information across access points to effect a unitary security scheme throughout a wireless network environment. Embodiments of the present invention substantially fulfill these needs.