This disclosure relates to wireless network protection systems and methods, and more particularly to systems and methods for disrupting the breaking of encryption for wired equivalent privacy (WEP) and the breaking of authentication for Wi-Fi protected access (WPA) protection filtering and systems and method for disrupting reconnaissance, denial-of-service (DOS), insertion, and masquerade attacks.
Wireless networks, also known as Wireless Local Area Networks (WLANs), offer a quick and effective extension of a wired network or a standard local area network (LAN). Wireless networks can achieve transmission rates close to that of wired networks such as 11 Mb/s and 54 Mb/s. As such, users can execute many of the same network applications using wireless networks that can be executed using wired networks.
Wireless networks can include nodes such as wireless access points (APs) and wireless client devices. Wireless AP devices can be connected wirelessly to form a wireless network. The AP can also connect to a wired network, and can relay data between wireless devices and wired devices. Wireless client devices can include laptop and desktop computers, and other devices capable of networked communication that are equipped with wireless capability. Nodes can communicate to another node or broadcast on the wireless network.
Wireless networks operated based on standards such as the Institute of Electrical and Electronics Engineers (IEEE) 802.11 family of protocols, which are hereby incorporated by reference. The IEEE 802.11 standard was designed with ease of use in mind. In fact, the original 802.11 standard allowed open authentication and clear text transmissions. The goal was to minimize infrastructure and complicated setups for a friendly, instant-connectivity wireless network. WLAN adoption occurred rapidly. Even important business networks have started using WLAN technology.
However, this has spurred interest within the hacker community to exploit a deployed standard with weak default security. This interest has lead to a proliferation of easy to use tools that can wreak havoc on these networks.
In turn, there has been a counter attempt to provide encryption for data being passed on a wireless network. For example, WEP and WPA are widely deployed on current WLAN systems. However, both WEP and WPA are susceptible to attacks. WEP can be cracked by sniffing frames from the WLAN and using brute force or mathematical algorithms to break the key. WPA can be monitored by hackers who have acquired credentials to monitor WPA-enterprise traffic.
Emerging encryption standards are not all backwards compatible with existing WLAN deployments. Therefore, methods and systems are needed to protect existing WEP and WPA WLAN deployments. Such methods and systems can allow existing WLAN deployments to increase the useful lifespan of WEP and WPA deployments.
This disclosure relates to systems and methods for proactively defending wireless networks from attempts to break encryption or authentication and from attacks such as reconnaissance, sniffing, denial-of-service, and masquerade attacks. Systems and methods can utilize wireless devices in a wireless network to transmit random Wired equivalent privacy (WEP) frames, thereby confusing rogue devices trying to capture encrypted packets in an attempt to break encryption. Such systems and methods can also transmit random challenge-response frames to thwart attacks against authentication. Still further systems and methods can utilize wireless devices in the network to transmit random probe responses in response to a reconnaissance attack, and to inject noise through frames transmitted during denial-of-service, insertion, and masquerade attacks. Systems and methods for protecting wireless networks can be implemented in a distributed wireless intrusion prevention system or in a stand alone monitoring device.
Methods of preventing an attempt to break encryption or authentication of a wireless network can include: monitoring the wireless network; and, transmitting random wired equivalent privacy encrypted frames on the wireless network responsive to a condition in the monitoring step, the random wired equivalent privacy encrypted frames are operable to confuse monitoring devices attempting to capture wired equivalent privacy encrypted frames to break the wired equivalent privacy key.
Methods of thwarting an attack against authentication on a Wi-Fi protected access wireless network can include: monitoring the wireless network; and, transmitting random challenge-response frames on the wireless network responsive to a condition in the monitoring step, the random challenge-response frames are operable to thwart attacks against authentication by forcing a rotation of the keys thereby preventing sniffing attacks by a rogue device.
Methods of using one or more wireless sensors as active transmitting devices to thwart a reconnaissance attack can include: monitoring the wireless network, the monitoring is performed by any of wireless sensors, wireless access points, wireless client devices configured with a software agent, and combinations thereof; and, transmitting random probe requests in response to active reconnaissance probe requests, the random probe requests are operable to thwart a rogue device from performing the reconnaissance attack.
Methods of using one or more wireless sensors to disrupt denial-of-service, insertion, and masquerade attacks include: monitoring the wireless network, the monitoring is performed by any of wireless sensors, wireless access points, wireless client devices configured with a software agent, and combinations thereof; and, transmitting random probe requests in response to an unauthorized frame transmission, the random probe request is operable to create errors in the unauthorized frame transmission such that a device discards the unauthorized frame transmission.