Detailed description: why a wireless intrusion detection system is required for wireless LAN

Source: Internet
Author: User

As hacker techniques advance, wireless LANs (WLANs) are under more and more threats. Session hijacking and DoS attacks caused by misconfiguration of wireless base stations (WAPs) affect the security of the wireless LAN. Wireless networks are not only attacked through the TCP/IP architecture of the traditional wired network, but may also be threatened by security issues in the 802.11 standard issued by the Institute of Electrical and Electronics Engineers (IEEE). To better detect and defend against these potential threats, wireless LANs also use an intrusion detection system (IDS). As a result, organizations that have not configured an intrusion detection system have begun to consider deploying IDS solutions. This article explains why wireless intrusion detection systems are required and what their advantages and disadvantages are.

Security of wireless LAN

Wireless LAN is vulnerable to various threats. For example, the 802.11 standard's encryption method, Wired Equivalent Privacy (WEP), is fragile. The paper "Weaknesses in the Key Scheduling Algorithm of RC4" shows that the WEP key can be attacked by brute force cracking during transmission. Even if WEP encryption is used in a wireless LAN, hackers can decrypt key data.

Hackers can also obtain key data through a spoofed WAP. The wireless LAN user believes he is connected to the wireless LAN through a good signal, unaware that hackers are listening in. Because of its low cost and ease of configuration, wireless LAN is becoming increasingly popular. Many users can also set up wireless base stations (WAPs) in their traditional LAN, and the backdoor programs installed by some users on the network also create an environment open to hackers. This is why organizations that have not configured an intrusion detection system have begun to consider configuring IDS solutions. Traditional LAN users who set up wireless base stations may also face the threat of eavesdropping by hackers.

An 802.11 network may also be threatened by DoS attacks that make it difficult for the wireless LAN to work. Wireless communication may suffer signal attenuation due to physical threats such as trees, buildings, thunderstorms, and mountain peaks. Cordless phones and appliances such as microwave ovens may also threaten 802.11 wireless networks. A malicious denial of service (DoS) attack initiated by a hacker through a wireless base station may cause the system to restart. In addition, hackers can use the spoofed WAP described above to send illegitimate requests that interfere with normal users of the wireless LAN.

An ever-increasing pace is another threat to wireless LAN. This threat exists and may cause a wide range of damage. This is also the reason why 802.11 standards are becoming increasingly popular. Currently, there is no good defense against such attacks, but we will propose a better solution in the future.

Intrusion Detection

An intrusion detection system (IDS) analyzes the data transmitted on the network to determine damage to the system and intrusion events. Traditional intrusion detection systems can only detect and respond to damaged systems. Today, intrusion detection systems are used in wireless LANs to monitor and analyze user activity, identify the types of intrusion events, detect illegitimate network behavior, and raise alarms on abnormal network traffic.

A wireless intrusion detection system is similar to a traditional intrusion detection system, but it adds detection features specific to wireless LANs and features for responding to damaged systems.

Wireless intrusion detection systems can be purchased from vendors, who also provide solutions for improving the performance of the wireless intrusion detection system. Popular wireless intrusion detection systems on the market today are AirDefense RogueWatch and AirDefense Guard. Some wireless intrusion detection systems also run on Linux, for example the free, open source Snort-Wireless and WIDZ.

Architecture

A wireless intrusion detection system can be centralized or distributed. A centralized wireless intrusion detection system usually connects individual sensors that collect data and forward it to a central system, which stores and processes it. A distributed wireless intrusion detection system generally includes multiple devices that each handle IDS processing and reporting. The distributed design suits small-scale wireless LANs because it is cheap and easy to manage. When many sensors are required, the cost of sensors that also do processing becomes prohibitive, and managing many sensors that each process and report takes more time than managing a centralized wireless intrusion detection system.

A wireless LAN is usually deployed over a relatively large area. In this case, to receive signals better, you need to configure multiple wireless base stations (WAPs) and deploy sensors at the locations of the wireless base stations, which improves signal coverage. Because of this physical architecture, most hacker activity will be detected. Another advantage is that, with sensors at the WAPs, distance from the wireless base stations can be used to better pinpoint the hacker's geographic location.

Physical Response

Physical location is an important part of the wireless intrusion detection system. Attacks targeting 802.11 are often executed very quickly, so a response to the attack is indispensable. For example, some intrusion detection systems respond by blocking illegitimate IP addresses; this requires finding the IP address of the intruder, and doing so promptly. Unlike a traditional LAN, which hackers can attack from remote networks, intruders on a wireless LAN are located locally. The wireless intrusion detection system can be used to estimate the physical location of intruders. By analyzing the 802.11 sensor data to identify the victim, the attacker's location can be determined more easily. Once the attacker's likely location has been narrowed down, the response team can take out Kismet or AiroPeek to quickly find the intruder based on the clues provided by the intrusion detection system.

Policy execution

The wireless intrusion detection system not only identifies intruders, but also enforces security policies. With a strong policy in place, the wireless LAN is more secure.

Threat detection

The wireless intrusion detection system can detect not only attackers, but also rogue WAPs, and it can identify unencrypted 802.11 data traffic.

To discover potential WAP targets, hackers usually use scanning software such as NetStumbler and Kismet, together with the Global Positioning System (GPS) to record the WAPs' geographic locations. These tools have become popular because many websites support geographic mapping of WAPs.

Beyond scanning, the wireless intrusion detection system detects the more serious DoS attacks, which are very common on the network. DoS conditions can arise from signal attenuation caused by buildings blocking the signal. Hackers also like to launch DoS attacks on wireless LANs, and the wireless intrusion detection system can detect such behavior, for example flood attacks forged to appear to come from a legitimate user.

In addition to the above, wireless intrusion detection systems can also detect MAC address spoofing. They use sequence analysis to find wireless users disguised as a WAP.
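
One way such sequence analysis can work, as an added example that is not from the original article: it assumes the analysis refers to the 12-bit sequence number in each 802.11 frame header, which a single radio increments steadily, so two transmitters sharing one MAC address produce interleaved counters with large jumps. The function name, thresholds and sample frames are constructed for illustration.

```python
from collections import defaultdict

SEQ_MODULUS = 4096    # 802.11 sequence numbers are 12 bits and wrap at 4096
MAX_FORWARD_GAP = 64  # assumed tolerance for frames the sensor did not hear
MIN_ANOMALIES = 3     # assumed number of jumps required before alerting


def find_spoofed_macs(frames, max_gap=MAX_FORWARD_GAP, min_anomalies=MIN_ANOMALIES):
    """Return {mac: jump_count} for addresses whose sequence numbers jump
    in a way one radio would not produce.

    frames: iterable of (timestamp, source_mac, sequence_number) tuples in
    capture order, as a sensor would extract them from 802.11 headers.
    Simplification: one counter per address (QoS data frames actually keep
    a separate counter per traffic identifier).
    """
    last_seq = {}
    anomalies = defaultdict(int)
    for _ts, mac, seq in frames:
        mac = mac.lower()
        if not 0 <= seq < SEQ_MODULUS:
            continue  # malformed record, skip it
        prev = last_seq.get(mac)
        last_seq[mac] = seq
        if prev is None:
            continue  # first frame seen from this address
        # Forward distance modulo 4096, so the normal wrap 4095 -> 0 is a gap of 1.
        gap = (seq - prev) % SEQ_MODULUS
        # gap == 0 is a retransmission and small gaps are missed frames;
        # anything larger means the counter moved backwards or leapt ahead.
        if gap > max_gap:
            anomalies[mac] += 1
    # A single jump can be a device reboot, so require several before alerting.
    return {m: n for m, n in anomalies.items() if n >= min_anomalies}


# Constructed sample capture (not real traffic).
AP = "00:11:22:33:44:55"
CLIENT = "66:77:88:99:aa:bb"
SAMPLE_FRAMES = [
    (0.00, AP, 4094), (0.01, AP, 4095), (0.02, AP, 0), (0.03, AP, 1),
    (0.04, CLIENT, 700), (0.05, CLIENT, 701), (0.06, CLIENT, 701), (0.07, CLIENT, 705),
    (0.08, AP, 2310),  # a second radio starts sending with the WAP's address
    (0.09, AP, 2), (0.10, AP, 2311), (0.11, AP, 3), (0.12, AP, 2312),
]

if __name__ == "__main__":
    for mac, count in find_spoofed_macs(SAMPLE_FRAMES).items():
        print(f"possible MAC spoofing: {mac} ({count} sequence jumps)")
```
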

Defects of the wireless intrusion detection system

Although the wireless intrusion detection system has many advantages, it also has defects, because it is still a new technology. Every new technology has some bugs when it is first applied, and wireless intrusion detection systems may have such problems too. As wireless intrusion detection systems develop rapidly, these problems will gradually be solved.

Conclusion

In the future, the wireless intrusion detection system will become an important part of the wireless LAN. Although it has some defects, its advantages outweigh its disadvantages. The scanning, DoS, and other 802.11 attacks that the wireless intrusion detection system can detect, coupled with strong security policies, can basically meet the security requirements of a wireless LAN. With the rapid development of wireless LAN, attacks on wireless LANs are increasing, so such a system is necessary.
