Web-style Wireless IDS attacks

By | November 8, 2006

Wireless intrusion detection systems (WIDS) are not yet as popular as their wired counterparts, but current trends would suggest that their number is set to grow. One positive factor in this respect is the integration of such programs with active network equipment and Management awareness of the risks associated with the unauthorised use of wireless devices. This awareness has led to an increase in the number of WIDS installations – even where wireless networks are not used.

In view of this situation, specialists in the field of security are now aware of the need to evaluate not only the quality features of any product, but also of the need to predict any possible negative influence arising from its implementation on the security of a corporate network.

This article looks at the results of research into wireless intrusion detection systems from the point of view of the specialist in the field of applications security. Design faults discovered are not discussed in the article as their correction requires significant effort on the part of the manufacturer.

A modern system of detecting wireless intrusion is a fairly complicated solution based on two- or three-tier architecture – often based on Web technologies.

WIDS architecture is based on sensors which collect, and sometimes process, wireless traffic as part of the monitoring process. Sensors can be based on standard operating systems or “specialised software and hardware platforms” (in most cases Linux). As a rule, sensors are quite intelligent devices which support TCP/IP and have sophisticated control interfaces.

The Sensors interact with the data collection component (server), and transfer to it information on detected intrusions or intercepted packets. The server processes information received, and performs the functions of detecting intrusions and correlating security-related events. A standard DBMS (database management system) is normally used to store information. To manage the system and monitor events, a control console is used in the form of a “fat” or “thin” client.

Click here to download the full paper

Leave a Reply