| Wireless LAN (WLAN) using the IEEE 802.11 protocols are being widely applied in the market. However, due to WLAN's feature of being open and the deficiencies of the IEEE 802.11 protocols themselves, the security of WLAN is always being threatened. The situation affects their development significantly.At the very beginning, WLAN security is threatened just by some basic attacks, including unauthorized access to network resources, network misconfigurations like installation of rogue access points, and illegal sniffing or eavesdropping via promiscuous mode. Now active and advanced attacks, such as MAC spoofing, Man in the Middle attacks or Denial of Service (DoS) attacks are more prevalent. Because most WLAN have connection with LAN, WLAN become the entry of intruding LAN in some instances.Aimed at the security problem existing in WLAN, a WLAN intrusion detection and response system has been designed. The system that consists of a single control center and several agents is deployed between WLAN and LAN. The agent is not only the entry for AP to access LAN, but also be able to detect intrusion activity in WLAN and notify the suspected activity to the control center immediately. The control center is responsible to monitor the WLAN security in real time, identifies the threats detected by agents and makes agent respond properly against the threats.According to the relationship between the status of station and MAC frame sent by station, the system can discover unauthenticated stations. In addition, the system can detect some WLAN discovery tools by analyzing its communication. It is proved in the test that the system is capable of detecting WLAN intrusion activity effectively and protects network from some attacks to some extend. |
PDF Full Text Request