Intrusion Prevention Software

Wireless Intrusion Prevention Software

Wireless Intrusion Prevention Software works exactly like Wireless Intrusion Detection Software, but it adds a very important feature.

Instead of just notifying the user or an IT administrator about an intruder on the network, it goes one step further and
actually blocks the intruder from accessing any of the network's resources.

There are several ways to accomplish this.

In our opinion, the best way to stop a specific device that is already connected from using the network is through the wireless router or access point itself.  Several routing and networking commands can be used to block traffic from a device at the access point it connected through.  The technology available to vendors at the router or access point level produces a consistent, stable blocking effect that prevents unauthorized access.  Even basic wireless routers have a MAC filter option, which is a good example of the kind of blocking that can be applied at the wireless router level.  Several smart firewalls and smart wireless routers now have integrated apps that allow push-button prevention when an unknown device is detected on the network.

There are other methods, such as packet injection, that can also prevent an intruder from using the network, but they are less stable and consistent than what we've seen achieved on the wireless router or access point directly.

Of course, the options described above usually work well for wireless networks, but what if someone simply plugs a wired connection into the LAN?  Because of how Layer 2 forwarding works, it is more difficult to cut off a device's network access once it has already connected.  Some intelligent switches can now also drop packets from specific devices at the switch level, but this remains a problem.  Proper network segmentation, limiting physical network access to the most important network resources, is still recommended.

A common pitfall of intrusion prevention in general is that false positives can result in denial of service for legitimate users.  In plain terms: if someone is running an intrusion prevention system, forgets about it, and then needs to quickly add a replacement server to the network, they could have a horrible time trying to work out why the new domain server isn't working correctly, when in fact it has been blocked by their intrusion prevention software or service.
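The following is an added example, not code from this page or from any vendor's product. It models the MAC-filter style blocking described above for the access point, together with the false-positive pitfall from the paragraph just above: devices seen on the access point are compared against an inventory of known devices, unknown devices are turned into deny entries for a MAC filter, and a "pending approval" list (for example a replacement server being brought up) is alerted on but not blocked. The device table, the inventory, the MAC addresses and the `deny <mac>` rule format are all constructed for this example and do not correspond to any particular router's syntax.

```python
"""Toy wireless intrusion-prevention policy engine (added example).

Compares devices seen on an access point with an inventory of known devices.
Unknown devices are blocked (rendered as MAC-filter deny entries); devices on a
'pending approval' list are alerted on but not blocked, so that a legitimate new
server does not get cut off by a false positive.

All addresses, hostnames and the rule syntax below are constructed for the
example and are not taken from any real network or vendor.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the style of a DHCP lease / ARP table dump:
# <ip> <mac> <hostname>. The last line is deliberately malformed.
SAMPLE_AP_TABLE = """\
192.168.1.10  aa:bb:cc:00:00:01  laptop-alice
192.168.1.11  AA:BB:CC:00:00:02  phone-bob
192.168.1.50  de:ad:be:ef:00:01  unknown
192.168.1.20  11:22:33:44:55:66  dc02-replacement
192.168.1.99  zz:zz:zz:zz:zz:zz  bogus
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")


def normalize_mac(mac: str) -> str:
    """Lowercase, unify separators and validate a MAC so comparisons are exact."""
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(m):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return m


@dataclass
class Policy:
    known: set[str]                                  # authorized device inventory
    pending: set[str] = field(default_factory=set)   # awaiting approval: alert only
    blocked: set[str] = field(default_factory=set)   # decisions made so far
    alerts: list[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.known = {normalize_mac(m) for m in self.known}
        self.pending = {normalize_mac(m) for m in self.pending}

    def evaluate(self, ip: str, mac: str, hostname: str) -> str:
        """Return 'allow', 'alert' or 'block' for one observed device."""
        mac = normalize_mac(mac)
        if mac in self.known:
            return "allow"
        if mac in self.pending:
            # Notify, but do not block: this is how the false-positive DoS is avoided.
            self.alerts.append(f"pending device {mac} ({hostname}) at {ip}: alert only")
            return "alert"
        self.alerts.append(f"unknown device {mac} ({hostname}) at {ip}: blocked")
        self.blocked.add(mac)
        return "block"

    def mac_filter_rules(self) -> list[str]:
        """Render the block set as deny entries (constructed, vendor-neutral syntax)."""
        return [f"deny {mac}" for mac in sorted(self.blocked)]


def parse_table(text: str):
    """Yield (ip, mac, hostname) from the whitespace-separated table."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2]


def run(policy: Policy, table: str) -> dict[str, str]:
    """Evaluate every device in the table; returns {normalized_mac: decision}."""
    decisions: dict[str, str] = {}
    for ip, mac, host in parse_table(table):
        try:
            decisions[normalize_mac(mac)] = policy.evaluate(ip, mac, host)
        except ValueError as exc:
            # A malformed entry is reported rather than silently ignored.
            policy.alerts.append(f"malformed entry at {ip}: {exc}")
    return decisions


if __name__ == "__main__":
    policy = Policy(known={"aa:bb:cc:00:00:01", "AA-BB-CC-00-00-02"},
                    pending={"11:22:33:44:55:66"})
    for mac, decision in run(policy, SAMPLE_AP_TABLE).items():
        print(f"{mac}  {decision}")
    print("\n".join(policy.mac_filter_rules()))
    print("\n".join(policy.alerts))
```

The "pending" list is the operational answer to the replacement-server scenario: a new device is registered there before it is plugged in, so the system still raises an alert (visibility is kept) but never pushes a deny rule for it.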

However, even with the potential issues involved, Wireless Intrusion Prevention Software and Systems are becoming a more common option in the Enterprise.
