Abstract:
A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.
Abstract:
A search algorithm to find a globally optimal radio plan for a wireless network, including assignments of frequency and transmission power to multiple access points. Two different evaluation metrics are used in order to provide an optimal solution in a reasonable time period. Frequency searches are performed using a special rapid evaluation metric. Transmission powers are selected using a more refined metric that estimates data throughput. The search results are deterministic and execution time is also substantially deterministic.
Abstract:
A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.
Abstract:
A search algorithm to find a globally optimal radio plan for a wireless network, including assignments of frequency and transmission power to multiple access points. Two different evaluation metrics are used in order to provide an optimal solution in a reasonable time period. Frequency searches are performed using a special rapid evaluation metric. Transmission powers are selected using a more refined metric that estimates data throughput. The search results are deterministic and execution time is also substantially deterministic.
Abstract:
A method and implementation are disclosed for binding a mobile node to a subnet. The invention comprises steps and implementations for intercepting messages sent by a mobile node to a server, associating a predetermined subnet with the intercepted messages and forwarding the intercepted messages to the server. The invention intercepts reply messages sent by at least one server and selects reply messages that are associated with the predetermined subnet. The selected reply messages are forwarded to the mobile node, and reply messages that are not associated with the predetermined subnet are discarded.
Abstract:
Determining the location of a radio tag or client station of a wireless network, and the location of coverage holes by receiving from a plurality of wireless stations of the wireless network path loss information of the path loss of one or more location frames received at the respective wireless stations. The location frames transmitted by the radio tag or client station having a pre-defined frame structure. The radio tags and client stations use a common infrastructure for transmitting a location frame configured for radiolocation by path loss measurement. The common infrastructure includes a pre-defined protocol common for both radio tags and client stations for transmitting information for reception by the plurality of stations of the wireless network for radiolocation. The pre-defined protocol includes using the location frame having the pre-defined frame structure.
Abstract:
Systems and methods for defining and documenting processes, procedures, standards and policies that are succinct and usable, and that are scalable to the complexity of the process and to abilities of the individual user. Steps of a particular process and a relationship of one or more of the steps are identified. Graphical representations of the steps and the relationship as a lean process are provided, wherein the lean process enhances and increases communication and minimizes documentation for providing the graphical representations, and wherein the representations comprise key process elements for the particular process, wherein the key process elements consist of one or more inputs, outputs, activities, process context, entry criteria, exit criteria, purposes, process flow, and roles, and wherein the representation is on a single page if a receiver of the non-verbal communication is an expert audience. If a receiver of the non-verbal communication is an intermediate audience, the non-verbal communication further comprises a process description table having the identified process steps that correspond to the representation of key process elements, wherein the process description table provides guidance and lessons learned relating to the particular process; and if a receiver of the non-verbal communication is a beginner audience, the non-verbal communication further comprises the process description table and training relating to the particular process.
Abstract:
Methods, apparatuses, and systems directed to facilitating troubleshooting wireless connectivity issues in a wireless network. In accordance with one embodiment of the present invention, either a diagnostic supplicant in the wireless client or a diagnostic manager initiates a troubleshooting protocol between the diagnostic supplicant and the diagnostic manager over a diagnostic link in response to one or more events. In one embodiment, after the diagnostic supplicant establishes a link to a diagnostic manager via a diagnostic link, the diagnostic supplicant generates and transmits a problem report to the diagnostic manager. The problem report initiates a troubleshooting protocol between the diagnostic manager and the diagnostic supplicant.
Abstract:
A system and method to manage the pre-authentication service by providing a network-centric, managed list of neighboring/logical access points from which a wireless station should pre-authenticate. An access point is provided with a pre-authentication table. When a wireless station associates with the access point, the access point transmits the pre-authentication table to the client. The client responsive to receiving the table only pre-authenticates with neighboring access points on the table.
Abstract:
Methods and apparatus are disclosed for locating and disabling the switch port of a rogue wireless access point. In one embodiment, a network management device is configured to detect the presence of a rogue access point on a managed wireless network. Once detected, the management device may then instruct a special client, such as a scanning AP, to associate with the rogue access point and send a discovery packet through the rogue access point to network management device. The network management device upon receiving the discovery packet may thereby determine that the rogue access point is connected to a network managed by said network device. The network device may then utilize information contained in the discovery packet to locate the switch port to which the rogue access point is connected, and ultimately disable the switch port to which the rogue access point is connected.