World Library  
Flag as Inappropriate
Email this Article

Wireless intrusion prevention system

Article Id: WHEBN0006392115
Reproduction Date:

Title: Wireless intrusion prevention system  
Author: World Heritage Encyclopedia
Language: English
Subject: Wireless security, Rogue access point, AirMagnet, Typhoid adware, Secure communication
Publisher: World Heritage Encyclopedia

Wireless intrusion prevention system

In computing, a wireless intrusion prevention system (WIPS) is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).


  • Purpose 1
  • Intrusion detection 2
  • Intrusion prevention 3
  • Implementation 4
    • Network Implementation 4.1
    • Hosted Implementation 4.2
  • See also 5
  • References 6


The primary purpose of a WIPS is to prevent unauthorized network access to local area networks and other information assets by wireless devices. These systems are typically implemented as an overlay to an existing Wireless LAN infrastructure, although they may be deployed standalone to enforce no-wireless policies within an organization. Some advanced wireless infrastructure has integrated WIPS capabilities.

Large organizations with many employees are particularly vulnerable to security breaches[1] caused by rogue access points. If an employee (trusted entity) in a location brings in an easily available wireless router, the entire network can be exposed to anyone within range of the signals.

In July 2009, the PCI Security Standards Council published wireless guidelines[2] for PCI DSS recommending the use of WIPS to automate wireless scanning for large organizations.

Intrusion detection

A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the participating wireless devices.

Rogue devices can spoof MAC address of an authorized network device as their own. New research uses fingerprinting approach to weed out devices with spoofed MAC addresses. The idea is to compare the unique signatures exhibited by the signals emitted by each wireless device against the known signatures of pre-authorized, known wireless devices.[3]

Intrusion prevention

In addition to intrusion detection, a WIPS also includes features that prevent against the threat automatically. For automatic prevention, it is required that the WIPS is able to accurately detect and automatically classify a threat.

The following types of threats can be prevented by a good WIPS:

  • Rogue AP – WIPS should understand the difference between Rogue AP and External (neighbor’s) AP
  • Mis-configured AP
  • Client Mis-association
  • Unauthorized association
  • Man in the Middle Attack
  • Ad hoc Networks
  • MAC-Spoofing
  • Honeypot / Evil Twin Attack
  • Denial of Service (DoS) Attack


WIPS configurations consist of three components:

  • Sensors — These devices contain antennas and radios that scan the wireless spectrum for packets and are installed throughout areas to be protected
  • Server — The WIPS server centrally analyzes packets captured by sensors
  • Console — The console provides the primary user interface into the system for administration and reporting

A simple intrusion detection system can be a single computer, connected to a wireless signal processing device, and SOHO or SMB customers, all the functionality of WIPS is available in single box.

In a WIPS implementation, users first define the operating wireless policies in the WIPS. The WIPS sensors then analyze the traffic in the air and send this information to WIPS server. The WIPS server correlates the information validates it against the defined policies and classifies if it is a threat. The administrator of the WIPS is then notified of the threat, or, if a policy has been set accordingly, the WIPS takes automatic protection measures.

WIPS is configured as either a network implementation or a hosted implementation.

Network Implementation

In a network WIPS implementation, Server, Sensors and the Console are all placed inside a private network and are not accessible from the internet.

Sensors communicate with the Server over a private network using a private port. Since the Server resides on the private network, users can access the Console only from within the private network.

A network implementation is suitable for organizations where all locations are within the private network.

Hosted Implementation

In a hosted WIPS implementation, Sensors are installed inside a private network. However, the Server is hosted in secure data center and is accessible on the Internet. Users can access the WIPS Console from anywhere on the Internet. A hosted WIPS implementation is as secure as a network implementation because the data flow is encrypted between Sensors and Server, as well as between Server and Console. A hosted WIPS implementation requires very little configuration because the Sensors are programmed to automatically look for the Server on the Internet over a secure SSL connection.

For a large organization with locations that are not a part of a private network, a hosted WIPS implementation simplifies deployment significantly because Sensors connect to the Server over the internet without requiring any special configuration. Additionally, the Console can be accessed securely from anywhere on the Internet.

Hosted WIPS implementations are available in an on-demand, subscription-based PCI DSS.

See also


  1. ^
  2. ^
  3. ^
  4. ^
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.