A wireless intrusion prevention system can detect and defend against attacks and unauthorized access to a WLAN. It provides additional protection for the wireless network environment. The WIPS consists of several components and uses sensors to monitor the wireless network.
What is WIPS (Wireless Intrusion Prevention System)?
The acronym WIPS stands for Wireless Intrusion Prevention System. It combines the functions of an intrusion detection system (IDS) and an intrusion prevention system (IPS) for wireless networks. The system monitors the WLAN and can detect and defend against attacks or unauthorized access. A WIPS consists of several components such as sensors, servers, and management consoles. The components can be dedicated or integrated into existing WLAN devices. By monitoring the frequency spectrum and the transmitted data packets, the system can, for example, detect fraudulent access points and render them harmless.
How a WIPS works
To effectively detect and defend against unauthorized WLAN access or bogus access points, the wireless intrusion prevention system must monitor and analyze both the radio frequencies and the data exchanged on the WLAN. Unauthorized devices and access points, for example, can be identified by their MAC addresses.
If the unwanted devices engage in so-called MAC address spoofing and use forged MAC addresses, techniques such as the recognition of unique fingerprints can be used for extended protection. In this case, the WIPS identifies the authorized devices based on specific characteristics and behaviors. A WIPS is capable of detecting various WLAN attack methods such as DoS attacks, honeypots, or man-in-the-middle attacks. The WIPS is controlled via central administration interfaces.
The systems are usually configured to take defensive measures independently when threats are detected, while simultaneously alerting a predefined group of people.
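The check described in this section, as an added example in Python that is not part of the original article or of any WIPS product: observed beacons are compared against an inventory of authorized access points, first by MAC address (BSSID) and then by a simple fingerprint. The inventory, the observed beacons and the fingerprint fields (SSID, channel, security mode, supported rates) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    bssid: str      # MAC address of the transmitting access point
    ssid: str
    channel: int
    security: str   # advertised security mode
    rates: tuple    # advertised supported rates (Mbit/s)

# Constructed inventory of authorized access points (assumed values).
INVENTORY = {b.bssid: b for b in (
    Beacon("02:00:00:aa:00:01", "corp-wlan", 36, "WPA2-Enterprise", (6, 12, 24, 54)),
    Beacon("02:00:00:aa:00:02", "corp-wlan", 44, "WPA2-Enterprise", (6, 12, 24, 54)),
)}
FINGERPRINT_FIELDS = ("ssid", "channel", "security", "rates")

def classify(seen, inventory=INVENTORY):
    """Return (verdict, mismatched_fields) for one observed beacon."""
    known = inventory.get(seen.bssid.lower())
    if known is None:
        # Unknown MAC address: advertising one of our SSIDs suggests an evil twin.
        ours = {ap.ssid for ap in inventory.values()}
        return ("evil-twin-suspect" if seen.ssid in ours else "unknown-ap", [])
    # Known MAC address: a forged address still has to match the fingerprint.
    diff = [f for f in FINGERPRINT_FIELDS if getattr(seen, f) != getattr(known, f)]
    return ("fingerprint-mismatch" if diff else "authorized", diff)

# Constructed observations from a sensor (assumed values).
OBSERVED = [
    Beacon("02:00:00:aa:00:01", "corp-wlan", 36, "WPA2-Enterprise", (6, 12, 24, 54)),
    Beacon("02:00:00:AA:00:02", "corp-wlan", 6, "OPEN", (1, 2, 5.5, 11)),
    Beacon("02:00:00:bb:00:09", "corp-wlan", 11, "WPA2-Personal", (6, 12, 24, 54)),
    Beacon("02:00:00:cc:00:03", "cafe-guest", 1, "OPEN", (6, 12, 24, 54)),
]

if __name__ == "__main__":
    for b in OBSERVED:
        verdict, diff = classify(b)
        print(f"{b.bssid.lower()} {b.ssid!r}: {verdict} {diff}")
```

A fingerprint mismatch on a known MAC address can mean a forged address or an authorized access point that has been misconfigured, so it calls for review in either case. An unknown access point with a foreign SSID may simply belong to a neighbouring network.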
What does a WIPS defense look like?
Wireless intrusion prevention systems use different defense methods for the various threat scenarios. For example, a rogue access point can be rendered harmless by having the WIPS send de-authorization packets to the fake access point and the clients connected to it.
The de-authorization packets appear to come from the respective client or access point and cause the communication partners to disconnect. If suspicious activity is detected on certain unintended radio channels, it can be blocked by various measures.
The components of a WIPS
In principle, a WIPS consists of three components. These are:
- Sensors for monitoring the network and the radio spectrum
- A management system for administration and operation of the WIPS
- A central server for analysis and communication with the sensors
The individual components can be dedicated physical devices or integrated into existing network devices as additional software-based functions. Wireless intrusion prevention systems consisting of dedicated components offer the advantage that they can be operated as an overlay system without modifying the existing wireless network. They also provide a higher level of protection by separating monitoring from the productive network.
Benefits of using a wireless intrusion prevention system
There are numerous benefits to using a wireless intrusion prevention system. These are:
- Additional protection of the WLAN infrastructure
- Automatic detection of threats to the wireless network
- Automatic defense against various attack methods
- Detection of and defense against rogue access points and rogue clients
- Detection of and defense against evil twin access points
- Detection and neutralization of misconfigured access points
- Enforcement of WLAN policies
- BYOD protection
- Automatic alerting of suspicious activities