The invention disclosed herein relates generally to network security and monitoring. More specifically, the invention relates to collecting identifying information to enforce access rights to network destinations for supplicants connecting to a network via an access point and using this identifying information to perform supplicant-based analysis of network traffic.
Over the past several years there has been an extensive proliferation of network access devices through which client terminals may access computer networks, such as the Internet. The vast majority of access points in place today adhere to one form of the Ethernet protocol over a wired or wireless medium. In both wired and wireless environments, network access and accounting are critical to protect sensitive network resources and account for the use of those resources by supplicants, e.g., users or end terminals. In this regard, a number of methodologies have been developed in an attempt to secure networks from intruders.
One of the most widespread methodologies for securing access to wireless networks is the Wired Equivalent Privacy (WEP) protocol, intended to bring to WLANs a level of security equivalent to the physical security enjoyed by wired local area networks. The WEP algorithm encrypts data traffic between a device and an access point through the use of a shared key; most administrators rely on a single key shared among an access point and all of its connected devices. This algorithm, however, contains a critical flaw that allows decryption of data traffic. Researchers from the Internet Security, Applications, Authentication and Cryptography group (ISAAC) in the Computer Science Division at the University of California at Berkeley have identified a number of successful attacks against the algorithm, including: passive attacks based on statistical analysis, active attacks that inject new data traffic from unauthorized mobile stations, active attacks based on tricking an access point, and dictionary-building attacks that allow real-time automated decryption of data traffic. Information pertaining to WEP vulnerabilities is available at http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html.
Another technique that has been developed for securing access to wired and wireless networks is the set of 802.1X enhancements to the various 802.11 specifications. 802.1X is a technology that is implemented at a network access point to prevent unauthorized access to the resources hosted by the access point. The security protocol used, referred to as the Extensible Authentication Protocol, handles the interaction between the access point and supplicant to obtain identification information that is validated by an authentication server. To date, however, this technology has not implemented any type of functionality that allows a user, such as a network administrator, to monitor or analyze the data traffic on a per-supplicant basis.
Modern networking environments provide enormously enhanced data transmission capabilities over environments available only a few years ago. At the same time, an increasing number of network service providers and users need to be able to monitor network traffic and use. In order to resolve the conflict between the escalating amount of network traffic and the increased need for monitoring, efficient, accurate, and inexpensive methods of statistical packet sampling have been developed. As indicated, however, network monitoring methodologies have not implemented functionality to monitor users as they connect to access points and control the transmission of data packets.
There is thus a need for a system, method and article of manufacture whereby identification information may be collected for a supplicant connected to a given port on an access device in order to selectively prevent or allow access to network resources, and whereby that identification information is further used to associate the supplicant with sample data packets selected from monitored data traffic in order to perform supplicant-based analysis.
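One way to realize the correlation described above, as an added Python example that is not part of the patent text: port-level authentication events bind a supplicant identity to an access-device port, and each statistically sampled frame is attributed to whichever supplicant held its ingress port at that moment, with byte counts scaled by the sampling rate. The event and sample record formats, the identities and the 1-in-64 sampling rate are all constructed assumptions.

```python
"""Per-supplicant traffic accounting from port authentication events and
sampled frames. Constructed example; record formats are assumptions."""
from collections import defaultdict

SAMPLING_RATE = 64  # assumed 1-in-N statistical packet sampling

# Constructed authentication events as reported by the access device:
# (timestamp, port, event kind, supplicant identity)
AUTH_EVENTS = [
    (100, "port-1", "authenticated", "alice@corp.example"),
    (105, "port-2", "authenticated", "bob@corp.example"),
    (300, "port-1", "logoff", "alice@corp.example"),
]

# Constructed sampled frames: (timestamp, ingress port, bytes, destination)
SAMPLES = [
    (110, "port-1", 1500, "10.0.0.5"),
    (120, "port-2", 600, "10.0.0.5"),
    (200, "port-1", 64, "203.0.113.9"),
    (310, "port-1", 1500, "10.0.0.5"),  # after alice logged off
    (320, "port-3", 900, "10.0.0.5"),   # port never authenticated
]


def port_owner_at(events, port, ts):
    """Return the supplicant bound to `port` at time `ts`, or None.

    Events are replayed in time order; a logoff clears the binding, so
    traffic seen after it is not charged to the departed supplicant."""
    owner = None
    for ev_ts, ev_port, kind, who in sorted(events):
        if ev_ts > ts:
            break
        if ev_port != port:
            continue
        owner = who if kind == "authenticated" else None
    return owner


def account(events, samples, rate=SAMPLING_RATE):
    """Attribute each sample to a supplicant and estimate total bytes.

    Samples from ports with no authenticated supplicant are kept under an
    'unauthenticated:<port>' key so they stand out rather than vanish."""
    totals = defaultdict(lambda: {"samples": 0, "est_bytes": 0})
    for ts, port, size, _dst in samples:
        who = port_owner_at(events, port, ts) or f"unauthenticated:{port}"
        totals[who]["samples"] += 1
        totals[who]["est_bytes"] += size * rate  # scale 1-in-N sample
    return dict(totals)


if __name__ == "__main__":
    for who, stats in sorted(account(AUTH_EVENTS, SAMPLES).items()):
        print(f"{who:28} samples={stats['samples']} est_bytes={stats['est_bytes']}")
```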