I. INTRODUCTION
We are living in an era of convergence. Convergence is the synergistic integration of technologies from
different domains and of discrete information technology (IT) systems. The Wireless Local Area Network (WLAN)
is the most rapidly growing networking technology of this era because of its immense advantages. Access to the
WLAN is made through hotspots or access points (APs). Low cost, high data rates, easy installation, mobility,
productivity, flexibility, handiness, constant connections and easy extension are some of the plus points of
WLAN technology. Data is transmitted and received over high-frequency radio waves across a range of a few
hundred meters. A network without wires looks tidy and is more flexible. A WLAN can also connect to wired
local area networks (LANs) or to other WLAN workstations. All these factors have helped this technology boom.

WLANs have been criticized a lot concerning their ability to provide security equivalent to wired LANs.
Moreover, security in wireless networks has been considered sparse ever since their introduction. Wired
Equivalent Privacy (WEP), the first security protocol, created by the IEEE, proved to be inadequate: it has
been shown time and again that WEP fails to meet security goals such as data confidentiality, access control
and data integrity to the expected level. A new class of attacks is said to have emerged in the past few
years. The abundance of wireless technologies has enabled attackers to enter networks. Using simple, free
software, a new breed of adversaries is able to locate wireless networks, eavesdrop on ongoing
communications, and access resources in the network. With the proper antenna, the attack can come from far
away. Detecting and identifying the intruder therefore presents unique challenges that render many
conventional intrusion detection techniques ineffective.

Data security is the biggest concern for network administrators implementing a WLAN. In a WLAN it is
impossible for the access point to detect the location of an intruder. In a college, for example, the
intruder could be in the lobby, a classroom, a laboratory, the library, or a car parked just outside the
college gate. Data passing across an unreliable radio link could lead to spoofing. According to a study,
rogue APs are present on about 40% of all enterprise networks. The key reason is that advances in hardware
and software have made AP installation, AP discovery and AP compromise effortless for intruders. It is easy
to obtain an AP and plug it into a network without being discovered for some time. Moreover, Wi-Fi network
cards can capture all 802.11 transmissions. This has led to an increase in wardriving: driving around and
looking for vulnerable APs.

The shortcomings of the current security standards have led to a new breed of security products known as
Intrusion Prevention Systems (IPS). An Intrusion Prevention System is a network device or piece of software
that goes deeper than a firewall to identify and block network threats. The main theme of our paper is
therefore to provide an efficient and reliable approach to detect and eliminate unauthorized hosts that
compromise the security and confidentiality of wireless networks, and to tackle all the above problems.
The MA from Centralized System 1 randomly selects one of the active computers in the network and
visits it.
Suppose the MA from Centralized System 1 selects Trusted Host (A) and visits it. The MA gets from the
MA program on this host all the information needed for authentication and returns to Centralized
System 1; because this information is correct, the host is authenticated.
The above step is repeated for each trusted host.
When the MA reaches the intruder's laptop, it will not be able to execute on that laptop.
Hence the intrusion is confirmed, and the access point at which it takes place is considered
a Rogue Access Point (RAP).
Once the Rogue Access Point is confirmed, it can be eliminated by means of the switch.
An SNMP command is given to the switch to block the port to which the RAP is connected.
In this way a RAP can be eliminated.
Case 3: Let us make a minor change to the above case and assume that the intruder now installs the MAS
on his laptop and again connects it to Access Point B. Assume that he also deploys the MA program that
provides information to the MA of Centralized System 1.
Prevention Technique:
The MA from Centralized System 1 randomly selects one of the active computers in the network and
visits it.
Suppose the MA from Centralized System 1 selects the intruder's laptop and visits it. The MA gets from
the MA program on this host all the information needed for authentication and returns to Centralized
System 1; because this information is incorrect, the computer is considered unauthorized and the
access point to which it is connected is considered rogue.
Once the Rogue Access Point is confirmed, it can be eliminated by means of the switch.
An SNMP command is given to the switch to block the port to which the RAP is connected.
In this way a RAP can be eliminated.
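
The decision logic of the cases above, as an added example that is not code from the paper: one MA visit per host, then the SNMP set that shuts the port of any access point judged rogue. Assumptions: the "information needed for authentication" is modelled as an HMAC over a fresh nonce with a key enrolled per host, the port is blocked by setting IF-MIB ifAdminStatus to 2 (down), and all host names, AP names, keys and port numbers are constructed.

```python
import hashlib
import hmac
import secrets

IF_ADMIN_STATUS = "1.3.6.1.2.1.2.2.1.7"  # IF-MIB ifAdminStatus; value 2 = down

# Constructed inventory: keys enrolled by the centralized system (assumption).
ENROLLED = {"host-a": b"key-a", "host-b": b"key-b"}
# Constructed topology: access point -> switch ifIndex it is cabled to.
AP_PORT = {"ap-a": 3, "ap-b": 7}


class Host:
    """A station on the WLAN. key=None models a laptop with no MAS installed."""

    def __init__(self, name, ap, key=None):
        self.name, self.ap, self.key = name, ap, key

    def run_agent(self, nonce):
        if self.key is None:
            raise RuntimeError("no MAS platform: agent cannot execute")
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


def visit(host):
    """One MA round trip: 'authenticated', 'no-mas' (Case 2) or 'bad-info' (Case 3)."""
    nonce = secrets.token_bytes(16)  # fresh per visit, so answers cannot be replayed
    try:
        answer = host.run_agent(nonce)
    except RuntimeError:
        return "no-mas"
    key = ENROLLED.get(host.name)
    if key is None:
        return "bad-info"
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    return "authenticated" if hmac.compare_digest(answer, expected) else "bad-info"


def sweep(hosts):
    """Visit hosts in random order; return the SNMP sets that block rogue-AP ports."""
    order = list(hosts)
    secrets.SystemRandom().shuffle(order)
    rogue_aps = {h.ap for h in order if visit(h) != "authenticated"}
    return sorted((f"{IF_ADMIN_STATUS}.{AP_PORT[ap]}", 2) for ap in rogue_aps)
```

`sweep()` only computes the (OID, value) pairs; sending them to the switch over an authenticated SNMPv3 session is left to the deployment.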