A wireless intrusion prevention system (WIPS) is a dedicated security device or integrated software application that monitors a wireless LAN network’s radio spectrum for rogue access points and other wireless threats.
A WIPS compares the MAC addresses of all wireless access points on a network against the known signatures of pre-authorized, known wireless access points and alerts an administrator when a discrepancy is found. To circumvent MAC address spoofing, some higher-end WIPS are able to analyze the unique radio frequency signatures that wireless devices generate and block unknown radio fingerprints.
The PCI Security Standards Council recommends the use of WIPS to automate wireless scanning. In addition to providing a layer of security for wireless LANS, WIPS are also useful for monitoring network performance and discovering access points with setup errors.
There are three basic ways to deploy a WIPS. The first, primarily found at the lower-end of the market, is known as time slicing or time sharing. In this type of deployment, the wireless access point does double duty, providing network traffic with wireless connectivity while periodically scanning for rogue access points.
In the second approach, which is known as integrated WIPS, a sensor that is built into the authorized access point continually scans radio frequencies, looking for unauthorized access points.
In the third approach, which is known as WIPS overlay, sensors are deployed throughout a building to monitor radio frequencies. The sensors forward the data they collect to a centralized server for further analysis, action and log archiving. This approach is more expensive because it requires dedicated hardware but it is also thought to be most effective.
WIPS overlay hardware resembles a rack server and the associated sensors resemble Wi-Fi access points. Most WIPS overlay systems share the same fundamental components:
Sensors — monitor the radio spectrum and forward logs back to a central management server.
Management server — receives information captured by the sensors and take appropriate defense actions based on this information.
Database server — stores and organizes the information captured by the sensors.
Console — provides an interface for administrators to set up and manage the WIPS.
While WIPS overlays provide many valuable features and protections, especially to large enterprises who capture customer data, they can be quite costly. With hardware, applications, subscriptions and training all factored in, an enterprise with 250 access points might spend as much as $100,000 on WIPS.