Computers and their use are pervasive in organizations and enterprises. In a typical organization, there may be dozens, hundreds, or even thousands of client computers interconnected via an internal network (e.g., an intranet) to communicate with one another and with application servers in the network. Switches (e.g., routers, bridges, hubs, etc.) facilitate the routing of data packets among the client computers, to/from the servers in the intranet, and to/from the extranet (e.g., the Internet).
Given the amount of data handled by computers nowadays, data security is a big concern of organizations and in particular of the organization's IT staff. One of the biggest security risks to computer data pertains to the use of unauthorized wireless access points (APs). Generally speaking, a wireless access point represents a wireless switch that can be plugged into the network to allow wireless client devices (such as laptop computers and other wireless devices) to send and receive data via the enterprise's network. Via an access point, a wireless laptop computer may, for example, access applications on the enterprise servers, send and receive information with one or more other client devices or servers, and/or may even access the Internet.
Access points can be either authorized or unauthorized. Authorized access points represent access points that met the approval of professional IT staff and tend to be properly installed and safeguarded against security risks. Generally speaking, the skills required to properly safeguard an access point against security risks tend to be fairly high, and thus the proper installation and configuration of an authorized access point typically requires the expertise of well-trained IT staff. A typical user may be able to purchase and install a wireless access point but unless the user is adequately trained in the latest security risk countermeasures, it is unlikely that an average user would have enough technical knowledge to properly safeguard an access point against unauthorized access and other security risks.
The omni-directional broadcast nature of wireless access points also renders access points particularly vulnerable to attempts by unauthorized users or hackers to intrude into the enterprise's network. Thus, detecting unauthorized access points and unauthorized wireless client devices in a network is one of the highest priorities of security-conscious IT staff.
Generally speaking, an access point may be managed by a management console, which represents a software construct accessible to the user to manage the access point. For example, the management console of a given access point may be accessible via the browser by pointing at a special IP address and entering the required userID and password when asked. By accessing the management console, the user may set up security parameters, control access privilege of users, and perform other access point management tasks.
However, unless IT staff knows of the existence of an access point and knows the IP address or the means by which the management console can be accessed, and further knows the userID and password, the management console is not useful to IT staff as a tool to ascertain the presence and identity of unauthorized wireless devices and unauthorized wireless access points in a network.
IT staff may attempt to install a software agent on all client devices. The software agent is configured to inform the IT staff whenever the client computer employs the wireless mode for communication within the enterprise perimeter. If the wireless mode is authorized, no alarm is raised. On the other hand, if a client computer employs the wireless mode for communication, and such wireless communication is unauthorized by IT staff for this particular computer, the software agent may enable IT staff to quickly ascertain the identity of the offending client computer, thereby enabling IT staff to quickly address the security risk.
However, the software agent only works if it is installed on the client device. This simple fact renders the software agent approach lacking as a reliable security solution. As an example, some users may access the enterprise's network using personal laptop computers or personal PDAs in which the software agent has not been installed by IT staff. As another example, intruders most likely would employ their own computers, which are inaccessible to IT staff for installing the software agent, for hacking into the network. In these cases, no information would be provided to IT staff even if unauthorized wireless access has occurred.
IT staff may also employ wireless sniffers, which are commercially available monitoring devices, for monitoring wireless packets that are transmitted via the wireless medium within the vicinity of the enterprise. By sniffing wireless packets, the wireless sniffer can ascertain the identity of the origination and destination devices (e.g., by inspecting the origination IP address and the destination IP address in the header of wireless packets). If the number of wireless devices on the network exceeds the number of wireless devices actually authorized, the existence of an unauthorized wireless device is a possibility.
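The sniffer comparison described above can be sketched as follows. This is an added example, not part of the original text; the addresses, the wireless subnet and the authorized inventory are constructed assumptions. It goes one step beyond the count comparison by matching device identities, because a count alone misses an unauthorized device whenever an authorized one happens to be offline.

```python
import ipaddress
from collections import Counter

# Constructed sample: (origination IP, destination IP) pairs as a sniffer
# would read them from wireless packet headers. All addresses are made up.
CAPTURED_HEADERS = [
    ("10.0.5.21", "10.0.1.10"),
    ("10.0.5.22", "10.0.1.10"),
    ("10.0.1.10", "10.0.5.21"),
    ("10.0.5.99", "10.0.1.10"),
    ("10.0.5.99", "203.0.113.7"),
    ("10.0.5.22", "10.0.1.11"),
]

# Assumption: inventory of devices IT staff approved for wireless use.
AUTHORIZED_WIRELESS = {"10.0.5.21", "10.0.5.22", "10.0.5.23"}

# Assumption: wireless clients are addressed out of this subnet.
WIRELESS_SUBNET = ipaddress.ip_network("10.0.5.0/24")


def observed_wireless_devices(headers, subnet=WIRELESS_SUBNET):
    """Count packets per wireless device seen as origination or destination."""
    seen = Counter()
    for src, dst in headers:
        for addr in (src, dst):
            if ipaddress.ip_address(addr) in subnet:
                seen[addr] += 1
    return seen


def count_check(seen, authorized):
    """Count comparison from the text: more devices seen than authorized."""
    return len(seen) > len(authorized)


def unauthorized_devices(seen, authorized):
    """Identity comparison: devices seen on air that are not in the inventory."""
    return sorted(set(seen) - set(authorized))


if __name__ == "__main__":
    seen = observed_wireless_devices(CAPTURED_HEADERS)
    # 10.0.5.23 is authorized but offline, so the counts match (3 vs 3)
    # even though 10.0.5.99 is not in the inventory.
    print("count check raised:", count_check(seen, AUTHORIZED_WIRELESS))
    print("not in inventory:", unauthorized_devices(seen, AUTHORIZED_WIRELESS))
```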
However, over-burdened IT staff nowadays tend to be reluctant to purchase, maintain, and use yet another tool. It is often the case that IT staff in a typical organization is already stretched as they try to keep up with rapidly changing technology and the ever-changing demands of users. This is particularly true for small organizations, which typically have neither the budget nor the manpower to purchase or maintain expensive tools for network management. Accordingly, commercial sniffers and their use have not been widely adopted by IT organizations.