There has recently been a big increase in the use of wireless networks such as wireless wide area networks (WiWAN), wireless local area networks (WiLAN), etc. Such wireless networks typically communicate using Open System Interconnection (“OSI”) model Layer 1, Layer 2 and higher-layer wireless protocols specified by the Institute of Electrical and Electronics Engineers (IEEE) 802.11 Working Group, such as 802.11b, 802.11a, 802.11g and others.
As is known in the art, the OSI model is used to describe computer networks. The OSI model consists of seven layers: from lowest to highest, the physical (Layer 1), data-link (Layer 2), network, transport, session, presentation and application (Layer 7) layers. The physical layer transmits bits over a communication link. The data-link layer transmits error-free frames of data. The network layer transmits and routes data packets.
The advent of wireless networks has spawned many new types of security threats. Malicious individuals can easily sit outside an organization's premises and, if undetected, freely connect to a wireless network. This is especially undesirable for military and government organizations that routinely need to transmit and receive secret or classified information. A wireless access point (WiAP) may allow an internal, non-protected wireless network to be compromised by unknown and non-trusted users who are simply within an appropriate wireless communication range.
Many traditional security measures are ineffective when applied to wireless networks. Wireless access to networks, for example, cannot easily be monitored and controlled through perimeter defenses such as firewalls and proxy servers.
Existing wireless intrusion detection technology is typically either host-based (e.g., Security Adaptation Manager (SAM), etc.), network-based (e.g., Event Monitoring Enabling Responses to Anomalous Live Disturbances (EMERALD), etc.), or rule-based (e.g., virus checkers and/or Snort IDS, etc.). Many existing wireless intrusion detection systems also rely heavily on manual intervention by network administrators. For example, a network administrator typically needs to interpret log files and manually execute preventative measures to effectively protect wireless networks.
There have been attempts to push the evolution of wireless intrusion detection to include intrusion prevention. However, such attempts typically operate no lower than OSI model Layer 2 (e.g., data-link layer) or Layer 3 (e.g., network layer) and typically lack OSI Layer 1 physical-layer Radio Frequency (RF) intrusion prevention for wireless networks.
Thus, it is desirable to provide a physical layer wireless intrusion detection system with an integrated higher level security management system at a data-link layer or above.