Wireless Intrusion Detection System

Source: Internet
Author: User

As attacker techniques improve, wireless local area networks (WLANs) face more and more threats. Misconfigured wireless access points (WAPs), session hijacking and denial-of-service (DoS) attacks plague the security of wireless LANs in general. Wireless networks are exposed not only to the attacks known from traditional wired TCP/IP networks but also to security issues in the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard itself. To better detect and defend against these potential threats, wireless LANs also turn to intrusion detection systems (IDS). Organizations that have not yet deployed an intrusion detection system are considering an IDS solution as well. This article explains why wireless intrusion detection systems are needed and what their advantages and disadvantages are.

Wireless LAN security

Wireless LANs are susceptible to a variety of threats. The encryption method of the 802.11 standard, Wired Equivalent Privacy (WEP), is vulnerable. According to the paper "Weaknesses in the Key Scheduling Algorithm of RC4", the WEP key of a transmission can be broken by a brute-force attack. Even if WEP encryption is used in a wireless LAN, attackers can decrypt the traffic and obtain critical data.

Attackers also obtain critical data by setting up spoofed (rogue) WAPs. Wireless LAN users are unaware of this: they believe they have connected to the wireless LAN with a good signal and do not realize that an attacker is listening. Because low cost and ease of configuration have made wireless LANs popular, many users also set up their own WAPs on a traditional LAN, and the backdoor programs that some users install on the network likewise create an opening for attackers. This is why organizations without an intrusion detection system are starting to consider an IDS solution. Users of a traditional LAN on which a wireless access point has been set up may also face the threat of eavesdropping.

An 802.11 network can also be threatened by denial-of-service (DoS) attacks, which make the wireless LAN difficult to use. Wireless communication is subject to physical factors that attenuate the signal, including trees, buildings, thunderstorms and mountains. Devices such as microwave ovens and cordless telephones can also interfere with wireless networks based on the 802.11 standard. A malicious DoS attack launched through a wireless access point can cause the system to restart. In addition, attackers can use the rogue WAP mentioned above to send illegitimate requests that disrupt normal users of the wireless LAN.

Other threats to wireless LANs are appearing at an ever-increasing pace. The threat is real and can cause widespread damage, and it grows as the 802.11 standard becomes more and more popular. There is no good defense against these attacks yet, but better solutions will emerge in the future.

Intrusion detection

An intrusion detection system (IDS) identifies system compromises and intrusion events by analyzing the data transmitted on the network. A traditional intrusion detection system can only detect and respond to system compromise. Today, intrusion detection systems are used in WLANs to monitor and analyze user activity, determine the type of intrusion event, detect illegitimate network behavior and raise alarms on abnormal network traffic.

A wireless intrusion detection system is similar to a traditional one. However, it adds detection and response features that are specific to wireless LANs.

Wireless intrusion detection systems can be purchased from vendors, who also offer complete solutions so that the system performs at its best. Popular wireless intrusion detection systems on the market today are AirDefense RogueWatch and AirDefense Guard. Some wireless intrusion detection systems also run on Linux, for example the free, open-source Snort-Wireless and WIDZ.

Architecture

Wireless intrusion detection systems come in two types: centralized and distributed. A centralized wireless intrusion detection system typically connects individual sensors that collect data and forward it to a central system, which stores and processes it. A distributed wireless intrusion detection system usually consists of several devices that each perform the processing and reporting functions of the IDS. The distributed type is better suited to smaller wireless LANs because it is inexpensive and easy to manage. When many sensors are needed, the cost of sensors with data-processing capability becomes prohibitive. Managing multiple processing and reporting sensors also takes more time than managing a centralized wireless intrusion detection system.

Wireless LANs usually cover a relatively large area. In that case, multiple wireless access points (WAPs) are needed for good signal reception, and deploying sensors at the WAP locations improves coverage. With this physical layout, most attacker activity will be detected. Another advantage of placing the sensors with the WAPs is that the attacker's physical location can be pinpointed more precisely.

Physical response

Physical location is an important part of a wireless intrusion detection system. Attacks against 802.11 are often carried out quickly and at close range, so a response to the attack is essential. As with intrusion detection systems that block an offending IP address, you need to be able to find the intruder's IP, and to do so in time. On a traditional LAN an attacker can strike the network remotely, whereas a wireless LAN intruder is physically nearby. The intruder's physical location can be estimated by the wireless intrusion detection system. Identifying the victim through analysis of 802.11 sensor data makes it easier to locate the intruder. Once the attacker's possible location has been narrowed down, a dedicated response team uses Kismet or AiroPeek to quickly identify the intruder, based on the clues provided by the intrusion detection system.

Policy execution

A wireless intrusion detection system can not only identify intruders; it can also enforce policy. Enforcing a strong policy makes the wireless LAN more secure.

Threat detection

A wireless intrusion detection system can not only detect attacker behavior, but also detect rogue WAPs and identify unencrypted 802.11 data traffic.
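The rogue-WAP and unencrypted-traffic checks described above can be illustrated with a short added example (not code from the original article or from any product it names). It assumes sensors report each beacon's BSSID, SSID and Privacy capability bit; the inventory, the `Beacon` record and the sample observations are constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical inventory of sanctioned WAPs: SSID -> allowed BSSIDs (lower case).
AUTHORIZED = {"corp-wlan": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}


@dataclass(frozen=True)
class Beacon:
    sensor: str    # sensor that heard the frame
    bssid: str     # MAC address of the transmitting WAP
    ssid: str
    privacy: bool  # Privacy bit from the beacon's capability field


def classify(beacon):
    """Return the findings a wireless IDS would raise for one beacon."""
    findings = []
    allowed = AUTHORIZED.get(beacon.ssid)
    if allowed is None:
        findings.append("unlisted WAP in range")
    elif beacon.bssid.lower() not in allowed:
        findings.append("rogue WAP advertising an authorized SSID")
    if not beacon.privacy:
        findings.append("unencrypted 802.11 network")
    return findings


def report(beacons):
    """Group findings by BSSID and record which sensors heard each WAP."""
    alerts = {}
    for b in beacons:
        found = classify(b)
        if not found:
            continue
        entry = alerts.setdefault(b.bssid.lower(),
                                  {"findings": set(), "sensors": set()})
        entry["findings"].update(found)
        entry["sensors"].add(b.sensor)
    return alerts


# Constructed sample observations from two sensors.
SAMPLE = [
    Beacon("sensor-1", "00:11:22:33:44:01", "corp-wlan", True),
    Beacon("sensor-1", "DE:AD:BE:EF:00:01", "corp-wlan", False),
    Beacon("sensor-2", "de:ad:be:ef:00:01", "corp-wlan", False),
    Beacon("sensor-2", "02:aa:bb:cc:dd:ee", "cafe-guest", True),
]

if __name__ == "__main__":
    for bssid, entry in report(SAMPLE).items():
        print(bssid, sorted(entry["findings"]), sorted(entry["sensors"]))
```

The set of sensors that heard a flagged WAP is kept because it is the starting point for narrowing down where the device physically is.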

To better identify potential WAP targets, attackers often use scanning software such as NetStumbler and Kismet, and use the Global Positioning System (GPS) to record geographic locations. These tools are becoming popular because many websites offer geographic support for WAPs.

More serious than scanning are DoS attacks, which a wireless intrusion detection system can also detect. DoS attacks on networks are very common. A DoS condition can arise simply because buildings obstruct the signal and cause it to decay. Attackers also favor DoS attacks on wireless LANs. A wireless intrusion detection system can detect this attacker behavior, such as a flood attack that impersonates a legitimate user.

In addition to the above, a wireless intrusion detection system can also detect MAC address spoofing. It does so through sequence analysis, which identifies wireless users who pretend to be a WAP.
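One way to carry out such a sequence analysis, as an added example that is not part of the original article: every 802.11 frame carries a 12-bit sequence number that the sender increments, so two transmitters sharing one MAC address produce repeated large jumps. The thresholds, function names and sample capture are assumptions made for illustration, and the sketch assumes a single counter per MAC address.

```python
SEQ_MODULO = 4096   # 802.11 sequence numbers are 12 bits wide
MAX_GAP = 64        # assumed tolerance for frames the sensor did not hear
MIN_ANOMALIES = 3   # assumed number of jumps required before alerting


def seq_gap(prev, cur):
    """Forward distance from prev to cur, allowing for wrap-around."""
    return (cur - prev) % SEQ_MODULO


def find_spoofed_macs(frames):
    """Return {mac: anomaly_count} for MACs that look shared by two senders.

    frames: (source_mac, sequence_number, retry_flag) tuples in capture order.
    """
    last, anomalies = {}, {}
    for mac, seq, retry in frames:
        mac = mac.lower()
        if mac in last:
            gap = seq_gap(last[mac], seq)
            if gap == 0 and retry:
                continue  # genuine retransmission of the previous frame
            if gap == 0 or gap > MAX_GAP:
                anomalies[mac] = anomalies.get(mac, 0) + 1
        last[mac] = seq
    # One isolated jump (reboot, roaming) stays below the alert threshold.
    return {m: n for m, n in anomalies.items() if n >= MIN_ANOMALIES}


# Constructed capture: the WAP's own counter (4093...) is interleaved with a
# second transmitter using the same MAC but its own counter (1500...).
AP = "00:11:22:33:44:01"
STA_A, STA_B = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"
SAMPLE = [
    (STA_A, 10, False), (AP, 4093, False), (STA_A, 11, False),
    (AP, 4094, False), (AP, 1500, False), (STA_A, 11, True),
    (AP, 4095, False), (AP, 1501, False), (STA_B, 300, False),
    (STA_B, 301, False), (AP, 0, False), (AP, 1, False),
    (AP, 1502, False), (STA_B, 5, False), (STA_B, 6, False),
    (AP, 2, False), (STA_A, 12, False),
]

if __name__ == "__main__":
    print(find_spoofed_macs(SAMPLE))
```

In the sample, the station whose counter resets once (301 to 5) is not reported, while the WAP address with two interleaved counters is.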

Flaws of wireless intrusion detection systems

Although wireless intrusion detection systems have many advantages, they also have flaws, because they are, after all, a new technology. Every new technology has some bugs when it is first applied, and wireless intrusion detection systems may have problems too. As wireless intrusion detection systems develop rapidly, these problems will gradually be solved.

Conclusion

Wireless intrusion detection systems will become an important part of wireless LANs in the future. Although they have some defects, their advantages outweigh their disadvantages. A wireless intrusion detection system can detect scanning, DoS attacks and other 802.11 attacks and, coupled with a strong security policy, can largely address the security problems of a wireless LAN. With the rapid development of WLANs, there are more and more attacks on them, so a system of this kind is necessary.
