Wireless Vs Wired Intrusion Detection Information Technology Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Intrusion detection systems for wired networks are quite different from WIDSs. Although both are designed to detect security-related events of interest, they operate at different layers of the OSI model [26]. While a wired IDS focuses on OSI layer 3 (network) and above, a WIDS specializes in detecting attacks that take advantage of the protocols and mechanisms

A wired IDS can be placed strategically at network chokepoints, so that it has a perfect view of the network. However, because of the nature of the wireless medium and radio communication, a WIDS sensor only captures traffic within its radio range. Therefore, to obtain a complete picture of the WLAN, a WIDS must use multiple sensors, strategically placed throughout the WLAN. Between them, the sensors must be able to capture all WLAN traffic. To compound the problem, different 802.11 PHYs operate at different frequencies and provide a number of radio channels on which WLAN nodes can communicate. Thus, to capture all traffic on the wireless LAN, either dedicated sensors must be used to monitor each channel and frequency of the WLAN, or the sensors must use some form of sampling algorithm in which the sensor regularly alternates between the different channels and frequencies. One technique is to observe each channel for a fixed, predetermined period of time.
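The fixed-dwell sampling technique described above can be modelled in a few lines. The following Python model is an added example, not part of the original essay; the channel list (2.4 GHz channels 1 to 11), the 250 ms dwell time and the event timings are constructed assumptions. It shows the blind window that a single hopping sensor leaves on every channel.

```python
"""Round-robin channel sampling for one WIDS sensor (illustrative model)."""

def hop_schedule(channels, dwell_ms, duration_ms):
    """Return (start_ms, end_ms, channel) slots: each channel is observed for
    a fixed, predetermined dwell time, then the sensor moves to the next."""
    slots, t, i = [], 0, 0
    while t < duration_ms:
        end = min(t + dwell_ms, duration_ms)
        slots.append((t, end, channels[i % len(channels)]))
        t, i = end, i + 1
    return slots

def observed_ms(slots, channel, ev_start, ev_end):
    """Milliseconds of an event on `channel` that fall inside a slot in which
    the sensor was actually tuned to that channel."""
    total = 0
    for start, end, ch in slots:
        if ch == channel:
            total += max(0, min(end, ev_end) - max(start, ev_start))
    return total

def blind_window_ms(channels, dwell_ms):
    """Longest stretch during which any one channel is not being monitored."""
    return (len(channels) - 1) * dwell_ms

# Constructed scenario: 2.4 GHz channels 1-11, 250 ms dwell, 10 s of capture.
CHANNELS = list(range(1, 12))
DWELL_MS = 250
SLOTS = hop_schedule(CHANNELS, DWELL_MS, 10_000)

if __name__ == "__main__":
    print("blind window per channel:", blind_window_ms(CHANNELS, DWELL_MS), "ms")
    # The sensor sits on channel 6 during 1250-1500 ms and again at 4000 ms.
    # A 2 s burst that starts just as the sensor leaves is never seen:
    print("2.0 s burst observed for", observed_ms(SLOTS, 6, 1500, 3500), "ms")
    # Only events longer than the blind window are guaranteed to be sampled:
    print("2.6 s burst observed for", observed_ms(SLOTS, 6, 1500, 4100), "ms")
    on_ch6 = sum(e - s for s, e, ch in SLOTS if ch == 6)
    print("share of capture spent on channel 6: %.0f%%" % (100 * on_ch6 / 10_000))
```

Shortening the dwell time or adding sensors shrinks the blind window; a dedicated sensor per channel removes it.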

Wired IDSs do not see the management and control frames of the wireless LAN. They also do not see the EAP frames exchanged between STAs and access points. Therefore, a wired IDS cannot detect attacks based on these unprotected frames (see Section 2.7 and Figure 2.9). All data traffic within the wireless LAN (from one STA to another) is also relayed directly between the two communicating STAs by the AP. Therefore, any malicious payload delivered in data frames from one station to another will not be detected by a wired network IDS.

Wired IDSs also cannot detect PHY and MAC layer jamming-based attacks. Both radio and virtual jamming are DoS attacks on the shared wireless medium that leave other WLAN nodes unable to access the medium. Unlike WIDSs, wired IDSs cannot help identify the physical location of an unauthorized node, rogue access point or adversary in the WLAN [73]. A WIDS provides this functionality through the distribution of its sensors throughout the WLAN. Depending on which sensor raised an alert, the offending WLAN node can be placed somewhere near the physical location of that sensor. If multiple sensors raise the alarm, triangulation of the received signal strengths can be used to calculate the exact position of the offending node.
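One way to turn the received signal strengths from several alerting sensors into a position estimate, as an added example that is not part of the original essay. It assumes a log-distance path-loss model with a constructed reference power and path-loss exponent, and the sensor coordinates and RSSI readings are constructed; with real, noisy RSSI the result is an estimate rather than an exact position.

```python
TX_REF_DBM = -40.0   # assumption: RSSI measured 1 m from the transmitter
PATH_LOSS_N = 3.0    # assumption: indoor path-loss exponent

def rssi_to_distance(rssi_dbm):
    """Invert the log-distance model rssi = ref - 10*n*log10(d); d in metres."""
    return 10 ** ((TX_REF_DBM - rssi_dbm) / (10 * PATH_LOSS_N))

def locate(readings):
    """Estimate (x, y) from [((sensor_x, sensor_y), rssi_dbm), ...].

    Each reading defines a circle around its sensor. Subtracting the first
    circle equation from the others leaves a linear system in x and y,
    solved by least squares so that more than three sensors can contribute.
    """
    if len(readings) < 3:
        raise ValueError("need at least three alerting sensors for a 2-D fix")
    (x0, y0), rssi0 = readings[0]
    r0 = rssi_to_distance(rssi0)
    s11 = s12 = s22 = t1 = t2 = 0.0
    for (xi, yi), rssi in readings[1:]:
        ri = rssi_to_distance(rssi)
        a1, a2 = 2 * (xi - x0), 2 * (yi - y0)
        b = r0**2 - ri**2 + xi**2 - x0**2 + yi**2 - y0**2
        s11 += a1 * a1
        s12 += a1 * a2
        s22 += a2 * a2
        t1 += a1 * b
        t2 += a2 * b
    det = s11 * s22 - s12 * s12
    if abs(det) < 1e-9:
        raise ValueError("sensors are collinear; position is ambiguous")
    return ((s22 * t1 - s12 * t2) / det, (s11 * t2 - s12 * t1) / det)

# Constructed readings: four sensors at the corners of a 30 m x 30 m floor,
# whole-dBm RSSI as a card would report it for a transmitter near (10, 20).
READINGS = [((0, 0), -80), ((30, 0), -84), ((0, 30), -75), ((30, 30), -80)]

if __name__ == "__main__":
    x, y = locate(READINGS)
    print("estimated position: (%.1f, %.1f) m" % (x, y))
```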

Wired IDSs are not able to monitor wireless LAN activity for security policy compliance violations. Therefore, WLAN nodes that use unauthorized EAP authentication methods or weak ciphers for protecting confidentiality and integrity, in violation of the WLAN security policy, will remain undetected. MAC spoofing is the root of every injection attack in wireless LANs (see Section 2.7). A wired IDS does not have any information about WLAN nodes with which to decide whether a particular frame came from the legitimate node or from an adversary spoofing its MAC address.

| Wired IDS | WIDS |
| --- | --- |
| Works at OSI layer 3 (Network) and above | Operates at OSI layers 1 (Physical) and 2 (Data Link) |
| Generally located at chokepoints in the network for maximum network visibility | Uses several distributed (dedicated) wireless sensors for complete network visibility |
| Unable to detect attacks based on unprotected 802.11 frames | Able to detect attacks based on unprotected 802.11 frames |
| Unable to detect malicious payloads sent in direct communication between STAs | Can detect malicious payloads sent in direct communication between STAs |
| Cannot detect PHY and MAC layer jamming-based attacks | Able to detect PHY and MAC layer jamming-based attacks |
| Cannot help identify the position of an unauthorized node, rogue AP or adversary in the WLAN | WIDSs offer this feature through the distribution of their sensors throughout the wireless LAN |
| Not able to monitor WLAN activity for security policy compliance violations (EAP method, ciphers, etc.) | WIDS has perfect visibility of such violations |
| Not able to determine whether a WLAN node is MAC spoofing | Capable of detecting MAC spoofing by WLAN nodes |

Table 1: Wired IDS vs WIDS

1.7. Choosing a Wireless Intrusion Detection System:

Now that we have an idea of what can be observed and what to do in each case, we must decide which WIDS to use and how. It is not within the scope of this document to cover all vendors of WIDS systems, so additional research is suggested before choosing a WIDS. Here we discuss the architecture of a wireless IDS, with an overview of commercial vs. open-source WIDS systems.

Wireless IDSs can be deployed in two ways: centralized or decentralized. In a decentralized environment each WIDS operates independently, logging and alerting on its own. It also means that each WIDS must be administered independently; in a large network this can quickly become overwhelming and inefficient, and it is therefore not recommended for networks with more than one or two access points. The idea behind a centralized WIDS is that sensors are deployed which relay information to a central point. This central point can send alerts, log events and serve as an administration point for all sensors. Another advantage of the centralized approach is that the sensors can cooperate with each other in order to detect a wider range of events more accurately (Yang, Xie and Sun, 2004).

In the centralized approach there are also three ways in which sensors can be deployed. The first is to use existing access points (APs). Some access points on the market are capable of operating simultaneously as an AP and a WIDS sensor. This has the potential to be cheaper than the other options; however, there is a downside. Using an AP for both functions reduces its performance, potentially creating a "bottleneck" on the network. The second option is to deploy "dumb" sensors. These devices simply relay all information to the central server and rely on the server to detect all events. Although they are inexpensive, all data is sent to the central point, which has an impact on the performance of the wired network and creates a single point of failure at the server. The third option is the use of intelligent sensors. These devices actively monitor and analyze wireless traffic, identify attack patterns and rogue devices, and look for deviations from the norm. They then report these events back to the central server and allow administrators to invoke countermeasures.

1.8. Wireless Policy:

At this point we should have a good understanding of what a WIDS is and what it can do. However, before you jump into building your own, there is more you need to know. You must ensure that a wireless policy is created and in place. Otherwise, you may be violating users' privacy. The policy must state what is and is not allowed on the wireless network. A policy provides a set of guidelines on what should be monitored, and often waives users' right to privacy.

Creating and implementing a wireless LAN policy is most important for security. Above all, any policy must stay within the limits of the law. Policies must be read and understood by all staff, and employees should be constantly reminded of what the policy says. For a wireless policy or any other, an important issue that must be addressed is privacy. The Electronic Communications Privacy Act and various wiretap laws prohibit the interception of private communications. An exception to this is granted by consent. Although the extent to which these laws apply to employees is not black and white, if you plan to monitor network traffic and data, among other things, it is best to make sure that your written policy obtains consent for such actions, or face the possibility of legal action. The policy should be written with input from diverse backgrounds. This should include management, technicians and users, to represent different views and concerns. You will also want a lawyer to review the policy so that it holds up in a court of law. A policy does not prevent wireless threats from emerging, but with a well-written policy in place you can reduce the likelihood of these events and ensure protection when attacked.

Our wireless policy should include specific information on the following subjects. Who is responsible for the wireless network? Someone with knowledge of wireless and authority over the network must be placed in charge of wireless. Often, when specifying these roles, it is preferable to list a job title rather than a name. If the policy lists specific names, it must change each time someone leaves or changes roles. A risk assessment should be included, defining the threats and vulnerabilities in relation to the WLAN