As you probably know, there are multiple attacks possible in the wireless world. To detect and prevent those attacks there are monitor tools like a wireless intrusion detection system (WIDS). The best solution for attacks is to prevent them. With wireless intrusion prevention system (WIPS), it is possible to mitigate attacks from, for example, rogue…

In the overview WIDS/WIPS blog, I wrote of four analysis methods from the server used to collect data: – Signature analysis looks for patterns. – Behaviour analysis looks for anomalies. – Protocol analysis analyses the MAC layer information or upper layer non-encrypted frames. – Spectrum analysis analyses the RF spectrum. The WIPS/WIDS has a database…

A WIDS/WIPS can do device classification and recognize devices such as access points, client stations, and ad hoc clients, as long as those devices are within range of the sensors. When the devices are scanned and recognized the devices will be classified in four categories: Authorized devices: Devices that are owned by the company or…

Roaming is when a client wants to move around the building. During this, the signal strengths with the access point reduce and at a certain point there will be an access point with a better signal strength. With a reassociation the client moves from one BSS (Basic Service Set) to another BSS within the ESS…

PMK caching or static key caching (SKC) is the first caching method. The PMK is cached for a certain length of time. A client is able to cache multiple PMKs, so when a client associates with an access point a new PMKSA is established with PMK #1. This key will be cached on the client….