TW574655B - A WLAN network security control and intrusion detection method - Google Patents

A WLAN network security control and intrusion detection method

Publication number: TW574655B
Authority: TW (Taiwan)
Prior art keywords: wireless, network, station, wireless station, network management
Application number: TW91108420A
Other languages: Chinese (zh)
Inventor: Ji-Kai Wu
Original Assignee: Nat Datacomm Corp
Application filed by: Nat Datacomm Corp
Priority to: TW91108420A

Description

[Field of the invention]

The present invention relates to a network security control mechanism and an intrusion detection method for wireless local area communication. It requires only a Dynamic Host Configuration Protocol (DHCP) server, an e-mail server and a network management console, and is characterized in that the network management console has a built-in table of the wireless-station computer names of legitimate users.

[Background of the invention]

In the past, business owners who spent large sums building an enterprise intranet often felt that the network was of little use, because every employee could only access shared files or send and receive e-mail from his or her own computer. At the same time, whenever colleagues were in a meeting or away from their desks, waiting salespeople and urgent e-mails often could not get a timely reply. For business owners this was intolerable. Setting up a wireless office network reduces the tangle of network cables in the office and lets colleagues send and receive e-mail or access shared files from any corner of the office. A wireless network therefore opens up the office network environment and achieves the goal of a mobile office.

After a hospital installed a wireless LAN, communication inside the hospital improved greatly: nurses can transfer voice and data quickly through mobile handheld devices, and doctors can provide telemedicine services. Previously, the nurses had to travel back and forth between wards to answer fixed-line telephones. A hospital source said: "This not only meant that nurses had to hand the patient they were attending to a nearby nurse for the time being; while they were on the phone the line was also engaged, so outside calls could not get through to the ward. As a result, in an emergency the hospital's emergency medical team found it hard to reach the nurse effectively." When a hospital uses a wireless network system, a doctor carrying a personal digital assistant (PDA) on ward rounds can go online to the medical-record database and keep track of a patient's condition. The radio waves of an IEEE 802.11b wireless LAN have no effect on medical equipment.

A school setting up a campus wireless network marks a new milestone in becoming an e-campus. In a campus wireless LAN architecture, one to several wireless bridges (access points) are placed in the coverage area. A user only needs to plug a wireless network card into a notebook computer, personal digital assistant or other networked device to get online wirelessly anywhere on campus, without cables and unrestricted by building boundaries. A school can deploy a plurality of wireless bridges for its campus wireless LAN.

Public wireless Internet service is concentrated mainly in cafés, hotels and airports, giving salespeople and SOHO workers a place away from the office to go online for business or work without depending on a telephone line. Airports, moreover, are transit hubs for business travelers. Outdoor coverage reaches more than ninety percent, and the higher the outdoor coverage, the more convenient it is for users.

The next time you see a police officer at the roadside using a personal digital assistant to go online, look up license-plate data and write a ticket, do not be surprised. Thanks to the growing availability of wireless Internet access in public places, stores, airports, gas stations, convenience stores, securities firms and others will join the cafés that already offer it. To go online away from home, all you need is a notebook computer or personal digital assistant (PDA) with a wireless network card.

With the development of technology and the spread of Internet access, the wireless network era has officially arrived in the home: discussing the plot online while watching a drama series in the living room, watching stock quotes while cooking in the kitchen, playing online games in bed, even reading online novels on the toilet. None of these scenes is in the future tense; they are in the present progressive.

Wireless network applications are of course not limited to these. Wireless frees Internet access from physical cabling and lets it accommodate mobility. The biggest drawback of a wireless network is that coverage is limited by the wireless base stations: it is a fixed-location service, and the signal cannot be received at speeds above 20 kilometers per hour.

Prices of 802.11b wireless equipment are falling quickly, and notebook computers, PDAs and even projectors now have built-in wireless capability, which helps wireless Internet access develop. The current market price of a wireless bridge (access point) is about six or seven thousand yuan, or even lower, and a wireless network card costs only ten to twenty percent more than an ordinary network card.

Simply put, a wireless LAN lets a single network line be shared among multiple computers by wireless transmission.

For highly mobile users, keeping voice and data connections open has always been a problem, and wireless LAN technology has become the best solution to it. The popularity of wireless network technology has much to do with telecom operators wanting to avoid the trouble of indoor wiring work, which is why they use wireless network technology as a relay circuit.

Today, IEEE 802.11b and other wireless network products solve this problem for users. Besides being spared the trouble of installing and configuring physical lines, users who replace physical lines with wireless transmission also avoid transmission instability caused by poor line quality. And because new wireless networks greatly simplify installation, configuration and other required work, users can enjoy a wireless network environment more easily.

However, IEEE 802.11b wireless network products differ in specification and so have different restrictions in use.

IEEE 802.11b wireless network technology was designed to replace the traditional wired LAN. Although it has only digital data channels, its transmission speed reaches 11 Mbps and its range varies from 10 to 100 meters. Because it is the industry standard for wireless network products, many products use it, and it is well suited to building a wireless network environment.

Well-known networking companies have released many IEEE 802.11b wireless products, including PCI wireless network cards for desktop computers, USB wireless network modules usable with both notebook and desktop computers, and PCMCIA wireless network cards designed for notebook users. Used with a wireless base station, they can connect tens to hundreds of computers wirelessly at the same time.

There are two kinds of wireless network access suitable for personal computers.

First, access under the IEEE 802.11 standard. Under IEEE 802.11, a wireless LAN station can establish a connection with the wireless base station it wants to join when its Service Set Identifier (SSID) and Wired Equivalent Privacy (WEP) key are correct. Because of implementation problems with the standard, a hacker can use wireless LAN packet-sniffer software to eavesdrop on packets sent over the radio. Because CPU computing power has grown greatly of late, if the WEP key stays unchanged, the WEP key used to encrypt data will sooner or later be found out.

Second, wireless LAN support in the Microsoft Windows operating system. Microsoft has included the IEEE 802.11b wireless LAN standard in its Windows product line, and a standardized wireless LAN driver has long been defined for Windows.

Four known methods apply to wireless network access for personal computers.

The first method: a secured Service Set Identifier (SSID) in the beacon frame. Under the IEEE 802.11 wireless LAN standard, a wireless base station periodically transmits beacon frames by radio to the wireless stations. A wireless station that receives a beacon frame reads the information in it and decides whether this is the base station it wants to connect to. One parameter in the frame is the SSID, and the base station can hide the SSID so that it is not sent in the beacon frame. When the beacon frame's SSID is hidden, a wireless station that has been configured with the SSID can still connect, which raises the security level of the wireless network.

The second method: MAC (media access control) address control of wireless stations, the MAC address being the station's network card number. A wireless station must register its MAC address in advance in the access control list of the wireless base station. If a station is not registered in the access control list, the base station automatically rejects requests from that unauthorized station. This implementation has a security hole: because MAC address information is transmitted unencrypted, a wireless packet sniffer can still see and detect the MAC address.

The third method: dynamic key exchange. This implementation essentially copies the concept used by virtual private network (VPN) applications on the Internet. Among the Internet standards there is a protocol called Internet Key Exchange (IKE), which clearly defines the protocols for key generation and exchange. A proprietary key-exchange protocol is defined between the wireless base station and the wireless station, and the new key is used for Wired Equivalent Privacy (WEP, defined in IEEE 802.11) encryption. The drawback is that the implementation is entirely proprietary, so cross-vendor interoperability with other IEEE 802.11 standard products is lost.

The fourth method: an authentication server (RADIUS server). IEEE has also established the IEEE 802.1x standard, which basically moves existing IEEE 802.11 wireless networks from local area network applications to metropolitan area network (MAN) applications. Under this standard, products based on IEEE 802.11 technology can be used for Internet access in public areas such as airports or train stations. IEEE 802.1x provides an authentication protocol that runs between a portable-computer wireless station and the authentication server, through the base station, for mobile wireless LAN access. Figure 1 shows the mechanism of a conventional authentication server.

In Figure 1, the authentication server (RADIUS server) 100 maintains a database 102 that holds a list of the computer names of legitimate users. The authentication server 100 uses database 102 to check whether the identity of a newly joined wireless station 160 (a computer), relayed over the Internet through the Internet router 120, is legitimate.

Other devices in the network include wireless base stations 140, 142 and 144 and wireless stations 162, 164 and 166. Base station 140 controls the newly joined wireless station 160 and wireless station 162, base station 142 controls wireless station 164, and base station 144 controls wireless station 166. Control is carried out over the radio link using IEEE 802.1x. All of these devices are connected to the same network.

An authentication server usually integrates a billing system, so setting up and maintaining one is very costly. Usually only Internet service providers set up an authentication server, for billing, and the authentication it performs is too complex for a wireless LAN in an office.

[Summary of the invention]

The present invention primarily provides an authentication mechanism similar to that used in an authentication server, for wireless security control. Second, it eliminates the need for an authentication server, reducing the cost of building the network. Third, it effectively detects intruders, refuses to provide illegitimate service, and notifies the system administrator of the intruder by video, sound or e-mail.

[Detailed description of the invention]

The present invention is primarily a method for wireless LAN security control and intrusion detection, where the wireless LAN comprises at least a wired network and a wireless network. Figure 2 is a schematic diagram of the wireless LAN to which the first embodiment of the invention applies.

The wired network of the first embodiment must provide at least an e-mail server 210, a Dynamic Host Configuration Protocol (DHCP) server 220, a network management console 230, and wireless base stations 240, 242 and 244, all connected to the same wired network.

The main purpose of the e-mail server 210 is to send e-mail notifying the system administrator of an intruder. The DHCP server 220 has two main jobs: (1) accepting IP address lease requests from DHCP clients; and (2) on receiving a client's broadcast lease request, selecting the first free IP address in the range not yet leased and replying to the client with an IP lease address packet.

The network management console 230 has a pre-built table 235 of the wireless-station computer names of legitimate users approved by the system. It uses the table to check whether a station's computer name belongs to a legitimate user and accordingly provides or blocks service, and it notifies the system administrator of an intruder by e-mail, video or sound. The network management console 230 performs the following tasks:

(1) It accepts a standard SNMP trap (Simple Network Management Protocol) sent by wireless base station 240, which notifies the console that a new wireless station 250 has joined the local network. Base station 240 already manages wireless station 252, base station 242 already manages wireless station 254, and base station 244 already manages wireless station 256.
(2) It actively sends the new wireless station 250 a request to report its IP address.
(3) It accepts the message packet in which the new wireless station 250 reports its IP address.
(4) It actively sends the new wireless station 250 a request to report its computer name.
(5) It accepts the message packet in which the new wireless station 250 reports its computer name.
(6) Using the pre-built table 235 of legitimate users' wireless-station computer names, it checks whether the new station's computer name belongs to a legitimate user, decides accordingly, through the Simple Network Management Protocol (SNMP), to provide or block service, and notifies the system administrator of an intruder by e-mail, video or sound.

The wireless part of the network requires a plurality of wireless base stations, also called wireless bridges (access points), which receive and send the messages going to and from the wireless stations, such as base stations 240, 242 and 244. It also requires a plurality of wireless stations (computers in use), such as stations 252, 254 and 256. These stations are linked by radio, under the IEEE 802.11 protocol, to base stations 240, 242 and 244 on the same network. The wireless LAN to which the invention applies is the combination of a wired network part and a wireless network part.

Figure 3 illustrates the operating steps of the method, which are as follows:

1. When a newly joined wireless station 310 has the correct Service Set Identifier (SSID), and its Wired Equivalent Privacy (WEP) key, together with its MAC address, is also correct, an association 381 is established between wireless station 310 and wireless base station 320.

2. Wireless base station 320 sends a standard SNMP trap 382 to the network management console 340, notifying it that the new wireless station 310 has joined the wireless LAN.
3. The newly joined wireless station 310 sends a request 383 for an IP address to the DHCP server 330.
4. When request 383 from step 3 is approved by the DHCP server 330, the DHCP server 330 returns an IP address 384 to the newly joined wireless station 310.
5. The network management console 340 sends the newly joined wireless station 310 a request 385 to report its IP address.
6. The newly joined wireless station 310 returns its IP address 386 to the network management console 340.

Note that steps 5 and 6 can be accomplished in one of the following ways:

(1) The network management console 340 sends a RARP (Reverse Address Resolution Protocol) request packet that carries the known MAC address. When wireless station 310 receives the RARP request from console 340, it automatically responds with its own IP address.
(2) The network management console 340 broadcasts a request for IP addresses to the whole network. Every wireless station in the network returns a packet carrying its IP address, and console 340 analyzes these packets to find the station's IP address from its MAC address.

With that, the network management console 340 has both the MAC address and the IP address of the newly joined wireless station 310.

7. The network management console 340 asks the newly joined wireless station to report its computer name 387.
8. The newly joined wireless station 310 reports its computer name 388 to the network management console 340. This is done by a utility program that sits above the driver on the newly joined station 310.
9. The network management console 340 checks 389 whether the reported computer name is in the table of legitimate users' wireless-station computer names. If not, the station is treated as an illegal user: the console sends a command through SNMP to wireless base station 320 to deny service to the illegal station 310. On receiving the request to deny service to illegal station 310, base station 320 immediately cuts off all traffic 390 provided to it (the thick dashed line in the figure indicates that the service request of illegal station 310 is cut off). When console 340 detects the illegal station 310, it sends a warning message 391 by e-mail to the system administrator's workstation 350, and the workstation 350 updates the warning message or emits a beep 392.

Figure 4 is a flowchart of the main steps of the method. First, when a newly joined wireless station has the correct Service Set Identifier (SSID), and its Wired Equivalent Privacy (WEP) key, together with its MAC address, is also correct, an association is established between the station and the wireless base station (410).

Second, the wireless base station sends a standard SNMP trap to the network management console, reporting the MAC address, to notify the console that the new wireless station has joined the wireless LAN (420).

Third, the newly joined wireless station sends a request for an IP address to the DHCP server. When the request is approved, the DHCP server sends an IP address to the newly joined station (430).

Fourth, the network management console sends the newly joined wireless station a request to report its IP address, and the station, in response, returns its IP address to the console. This request and return of the IP address can be accomplished in one of the following ways:

(1) The network management console sends a RARP (Reverse Address Resolution Protocol) request packet that carries the known MAC address. When the wireless station receives the RARP request from the console, it automatically responds with its own IP address.
(2) The network management console broadcasts a request for IP addresses to the whole network. Every wireless station in the network returns a packet carrying its IP address, and the console analyzes these packets to find the station's IP address from its MAC address.

At this point the network management console has both the MAC address and the IP address of the newly joined wireless station. Next, the console asks the newly joined station to report its computer name, and the station reports its computer name to the console by means of a utility program that sits above the driver on the station (440).

Fifth, the network management console checks whether the reported computer name is in the table of legitimate users' wireless-station computer names (450). If it is, the station is handled as a legitimate user. If it is not, the station is treated as an illegal user: the console sends a command through SNMP to the wireless base station to deny service to the illegal station, and the base station, on receiving it, immediately cuts off all traffic provided to that station. When the console detects the illegal station, it sends a warning message by e-mail to the system administrator's workstation, and the workstation updates the warning message, emits a beep, or sends a warning message out by e-mail (470).
A schematic diagram of a wireless local area network to which the second embodiment of the present invention is applied. The device must provide at least an email server (E_mai 丄 Server) 210, a dynamic host configuration protocol server (DHCp

Server,Dynamic Host Configuratiorl pr〇t〇c〇lServer, Dynamic Host Configuratiorl pr〇t〇c〇l

574655 五、發明說明(14) --574655 V. Description of the invention (14)-

Server ) 22 0 網路管理控制臺(Network Management C〇nS〇 1 ) 2 3 0,無線基地台240,無線基地台242,與無線基 地台244,系統管理者的工作站35〇,以上這些裝置相連在 同一有線網路,該電子郵件伺服器2丨〇主要用途是發出電 子郵件。 第,實施例適用的無線網路部,需有複數個無線基地 口’或稱無線網路橋接器(Access p〇int),負責接取並送 出到無線站堂的訊息,如無線基地台2 4 〇,無線基地台2 4 2 ,無線基地台2 4 4,以及複數個無線站臺(表示使用中的電 腦),如無線站臺2 5 0,無線站臺252,無線站臺254,無線 站臺25 6,此種類裝置以無線電,在ΙΕΕΕ 8〇2·丨丨通信協定 下’跟無線基地台2 4 0 ’ 2 4 2,2 4 4,連結在同一網路,第 二實施例適用的無線區域網路由一有線網路部與一無線網 路部結合成。無線站臺250,無線站臺252,無線站臺254 ’無線站臺2 5 6 ’事先都各自有一份記錄合法使用者的無 線站臺電腦名稱表2 3 5。 圖六說明第二實施例運作步驟,其步驟如下:一、當 一新加入的無線站臺(wireless station)310有正確的服 務集標識(Service Set Identifier,SSID),及無線網 路卡的卡號(MAC address)已事先在無線基地臺註冊,及 有線等效保密標準(Wired Equivalent Privacy, WEP) 鍵值也正確時,就在該無線站臺3 1 0與該無線基地臺3 2 〇 間,建立連接(association)381,二、由該無線基地臺 3 2 0向新加入的無線站臺3 1 0,要求回報使用者的身份Server) 22 0 Network Management Console (Network Management 〇 〇 〇 1) 2 3 0, wireless base station 240, wireless base station 242, and wireless base station 244, system manager's workstation 35, these devices are connected In the same wired network, the main purpose of the email server 2 is to send emails. First, the wireless network department applicable to the embodiment needs to have multiple wireless base ports, or wireless network bridges (Access point), which is responsible for receiving and sending messages to the wireless station, such as wireless base station 2 4 〇, wireless base station 2 4 2, wireless base station 2 4 4, and a plurality of wireless stations (indicating the computer in use), such as wireless station 2 50, wireless station 252, wireless station 254, wireless station 25 6, This type of device is wirelessly connected to the same network with the wireless base station 2 4 0 '2 4 2, 2 4 4 under the ΙΕΕΕ 8〇2 · 丨 丨 communication protocol. The wireless local area network routing applicable to the second embodiment A wired network unit and a wireless network unit are combined. 
Each of wireless station 250, wireless station 252, and wireless station 254 'wireless station 2 5 6' has a wireless station computer name table 2 3 5 in which legal users are recorded in advance. Figure 6 illustrates the operation steps of the second embodiment. The steps are as follows: 1. When a newly added wireless station 310 has the correct Service Set Identifier (SSID) and the card number of the wireless network card ( (MAC address) has been registered in the wireless base station in advance, and the Wired Equivalent Privacy (WEP) key value is also correct, a connection is established between the wireless base station 3 10 and the wireless base station 3 2 0 (Association) 381, 2. The wireless base station 3 2 0 requests the newly added wireless station 3 1 0 to report the identity of the user.

第17頁 574655Page 17 574655

(identity)與通行字碼(passw〇rd) 682,三、由新加入的 無線站堂3 1 0利用一事先規定加密解密方法 身份(ldentlty)與通行字碼(passw〇rd)進行加^吏用者的 (encryption),向無線基地臺32〇,傳出加密後的身份盥 通行字碼m,無線基地臺32〇接收傳來加冑後的使用者的 身份(identity)與通行字碼(passw〇rd)結果,進行解穷 (decryption),四、無線基地臺32〇檢查所接獲回報的& 用者的身份(identity )與通行字碼(passw〇rd),是否為 合法使用者,如果否,無線站臺3丨〇被視為非法使用者 (illegal user),無線基地臺32〇立刻切斷所有提供給非 法無線站臺310的交通流量(traffic)39〇,並透過簡^網 路管理協定(SNMP)通知684,網路管理控制臺34〇:無線站 臺310為非法使用者(illegal user),五、當網路管理控 制臺3 4 0收到無線站臺3 1 〇為非法的訊息後,透過電子郵件 發送警示吼息3 9 1,通知系統管理者的工作站3 5 〇,該系統 管理者的工作站會更新該警示訊息或發出嗶嗶聲3 g 2,或 以電子郵件發送警示訊息出去。 / 圖七為第二貫施例運作流程圖,其步驟如下:一、當 一新加入無線站臺(wireless stati〇n)有正確的服務集標 識(Service Set Identifier,SSID),及無線網路卡二 卡號(MAC address)已在無線基地臺註冊,及有線等效保 密標準(Wired Equivalent Privacy, WEP)鍵值也正確 時’就在該無線站臺與該無線基地臺間,建立連接 (association)710,二、由該無線基地臺向新加入的無線(identity) and password (password) 682. Third, the newly added wireless station 3 1 0 uses a predetermined encryption and decryption method identity (ldentlty) and password (password) to be added. Encryption, transmits the encrypted identity password m to the wireless base station 32, and the wireless base station 32 receives the identity and the passw rd of the encrypted user. As a result, decryption is performed. Fourth, the wireless base station 32 checks whether the received user's identity and password are legitimate users. If not, wireless Station 3 丨 〇 is regarded as an illegal user, and wireless base station 32〇 immediately cuts off all traffic 39 provided to illegal wireless station 310, and uses Simple Network Management Protocol (SNMP) Notification 684, Network Management Console 34〇: The wireless station 310 is an illegal user. 5. When the network management console 3 4 0 receives the message that the wireless station 3 1 0 is illegal, it sends it via email. Send alert howl 3 9 1, Known system administrator workstation 35 billion, the system updates the administrator's workstation warning message or beep 3 g 2, or sending out an email alert message. 
/ Figure 7 is the operation flow chart of the second embodiment. The steps are as follows: 1. When a new wireless station (wireless wireless) has the correct Service Set Identifier (SSID) and wireless network card When the second card number (MAC address) has been registered at the wireless base station and the Wired Equivalent Privacy (WEP) key value is also correct, 'the association is established between the wireless station and the wireless base station 710 , 2. The new wireless access point is added by the wireless base station.

第18頁 574655 五、發明說明(16) 臺,要求回報使用者身份(identity)與通行字碼 (password) 72 0,三、由新加入的無線站臺利用一事先規 定加密解密方法,將使用者的身份(identity)與通行字碼 (password)進行加密(encrypt ion),加密後傳送73〇身份 與通行字碼到無線基地臺,無線基地臺接收傳來加密後的 使用者的身份(identity)與通行字碼(passw〇rd)結果, 接收後解密(deCrypti〇n) 740,四、無線基地臺接^解密 後的使用者的身份(identity )與通行字碼(passw = d) 了 檢查是否為合法使用者750’如果否,無線站臺被視為非 法使用者(illegal user),無線基地臺立刻切斷服務76〇 ,所有提供給非法無線站臺的交通流量(traffic)不再 持,並透過簡易網路管理協定(SNMP)通知網路管理制表 770:無線站臺為非法使用者(uiegal user),五、^至 路管理控制臺收到無線站臺為非法的訊“, 田子罔 件發迗警不訊息,到系統管理者的工作站,通知 者並警示780,該系統管理者的工作站會更新該馨糸示自理 或發出嗶嗶聲,或以電子郵件發送警示訊息出去7〜 雖然文中已應用較佳實施例說明本創作,但 術者需了解可對上述實施例加以更改 :㈣本技 發明的精神及觀點,以上所述僅為本發;^ =本 例’凡依本發明申請真剎益!^ α ~ ^ m ^ 574655 圖式簡單說明 【圖式簡單說明】 圖一為習知身份認證伺服器的機制 圖二為本發明第一實施例適用的無線區域網路示意圖。 圖三為本發明第一實施例方法運作步驟。 圖四為說明本發明第一實施例方法的主要步驟流程圖。 圖五為本發明第二實施例適用的無線區域網路示意圖。 圖六為本發明第二實施例方法運作步驟。 圖七為說明本發明第二實施例方法的主要步驟流程圖。 【圖式編號說明】 10 0 身份認證伺服器(R a d i u s S e r v e r ) 102 資料庫 140 無線基地台 1 4 2 無線基地台 1 44 無線基地台 160 新加入的無線站臺 162 無線站臺 164 無線站臺 166 無線站臺 210 電子郵件伺服器 2 2 0 動態主機設定通訊協定伺服器 2 3 0 網路管理控制臺 2 3 5 合法使用者的無線站臺電腦名稱表Page 18 574655 V. Description of the invention (16) station, request to report user identity (password) 72 0, 3. The newly added wireless station uses a predetermined encryption and decryption method to decrypt the user ’s The identity and password are encrypted. After encryption, the 73 identity and the password are transmitted to the wireless base station. The wireless base station receives the encrypted user's identity and the password. (Passw〇rd) result, after receiving the decryption (deCrypti〇n) 740, four, the wireless base station received the decrypted user's identity (identity) and pass word (passw = d) to check whether it is a legitimate user 750 'If not, the wireless station is regarded as an illegal user, the wireless base station immediately cuts off the service 76, and all traffic provided to the illegal wireless station is no longer held, and it is managed through a simple network. 
(SNMP) Notifies the network management table 770: The wireless station is an illegal user (uiegal user). 5. The management station received a message that the wireless station was illegal. Tian Zi file sends a warning message, go to the system manager's workstation, notify the person and alert 780, the system manager's workstation will update the xinxi to take care of itself or emit a beep, or send a warning message by email ~ Although a preferred embodiment has been used to explain this creation, the artist needs to understand that the above embodiments can be modified: ㈣ The spirit and perspective of the technical invention, the above is only the present issue; ^ = This example 'fanyi The application of this invention is really good! ^ Α ~ ^ m ^ 655655 Brief description of the drawings [Simplified illustration of the drawings] Figure 1 is a mechanism of a known identity authentication server Figure 2 is a wireless local area network applicable to the first embodiment of the present invention Schematic diagram. Figure 3 shows the operational steps of the method of the first embodiment of the present invention. Figure 4 is a flowchart illustrating the main steps of the method of the first embodiment of the present invention. Figure 5 is a schematic diagram of a wireless local area network suitable for the second embodiment of the present invention. Six is the operation steps of the method according to the second embodiment of the present invention. Fig. 7 is a flowchart illustrating the main steps of the method according to the second embodiment of the present invention. 
[Illustration of drawing number] 10 0 Identity authentication server Radius Server) 102 database 140 wireless base station 1 4 2 wireless base station 1 44 wireless base station 160 new wireless station 162 wireless station 164 wireless station 166 wireless station 210 email server 2 2 0 dynamic host setting communication Protocol server 2 3 0 Network management console 2 3 5 Wireless station computer name table for legal users

第20頁 574655Page 574 655

第21頁 圖式簡單說明 240 無線基地台 242 無線基地台 244 無線基地台 250 無線站臺 252 無線站臺 254 無線站臺 256 無線站臺 310 新加入的無線站臺 320 無線基地臺 330 動態主機設定通訊協定伺服器 340 網路管理控制臺 350 系統管理者的工作站 381 連接 382 標準簡易網路管理協定設定追蹤 383 發出要求網路位址的要求 384 送出網路位址 385 要求網路位址 386 送回網路位址 387 要求回報電腦名稱 388 回報本身電腦名稱 389 檢查所接獲回報的電腦名稱 390 切斷給非法無線站臺交通流量 391 透過電子郵件發送警示訊息 574655 圖式簡單說明 392 更新該警示訊息或發出嗶嗶聲 410 建立連接(association) 420 回報網路卡號 430 要求DHCP分配網路位址 440 網路管理控制臺取得網路位址及電腦名稱 450 檢查合法站臺 460 通知基地台切斷服務 470 通知系統管理者並警示 682 要求回報身份與通行字碼 683 傳出加密後的身份與通行字碼 684 透過簡易網路管理協定通知 710 新站臺建立連接 720 要求回報使用者身份與通行字碼 730 加密後傳送 740 接收後解密 750 檢查是否為合法使用者 760 切斷服務 770 通知網路管理控制臺 780 通知系統管理者並警示Simple illustration on page 21 240 wireless base station 242 wireless base station 244 wireless base station 250 wireless base station 252 wireless base station 254 wireless base station 256 wireless base station 310 newly added wireless base station 320 wireless base station 330 dynamic host setting protocol server 340 Network Management Console 350 System Administrator's Workstation 381 Connection 382 Standard Simple Network Management Protocol Setting Tracking 383 Requesting Network Address Request 384 Sending Network Address 385 Requesting Network Address 386 Sending Back Network Address 387 Request computer name report 388 Report itself computer name 389 Check computer name received 390 Cut off traffic to illegal wireless station 391 Send alert message via email 574655 Schematic description 392 Update the alert message or beep 410 establish an association (association) 420 report the network card number 430 request the DHCP to assign a network address 440 the network management console to obtain the network address and computer name 450 check the legal station 460 notify the base station to cut off the service 470 notify the system administrator and Alert 682 to Report identity and password 683 Outgoing encrypted identity and password 684 Notify 710 via simple network management protocol 710 Establish connection with new station 720 Request user identity and password 730 
Encrypted transmission 740 Decrypt after receiving 750 Check if it is legal User 760 Disconnect service 770 Notify network management console 780 Notify system administrator and alert

第22頁Page 22
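The console-side flow of the first embodiment (steps 420 to 470), as an added Python example that is not part of the patent. The class and function names, the constructed MAC addresses, IP addresses, access point labels and computer names, the case-insensitive name match, and the 30-second timeout for stations that never report a name are assumptions; SNMP, the address replies and e-mail are represented by method calls and recorded actions.

```python
from dataclasses import dataclass, field
from typing import Optional

NAME_TIMEOUT = 30  # seconds to wait for a name report; assumed, not from the patent


def norm_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated MAC so trap and reply formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Station:
    mac: str
    ap: str                          # base station that sent the trap
    seen_at: float                   # time the trap arrived
    ip: Optional[str] = None         # filled in once the address is resolved
    verdict: Optional[str] = None    # None (pending), "legal" or "illegal"


@dataclass
class Console:
    legal_names: set                 # computer name table (235), stored upper-case
    stations: dict = field(default_factory=dict)   # keyed by canonical MAC
    actions: list = field(default_factory=list)    # what the console would send

    def on_trap(self, now, ap, mac):
        """Step 420: SNMP trap from the base station carrying the new station's MAC."""
        mac = norm_mac(mac)
        self.stations[mac] = Station(mac=mac, ap=ap, seen_at=now)

    def on_address_replies(self, replies):
        """Steps 385-386, broadcast variant: every station answers with (MAC, IP);
        keep only replies whose MAC belongs to a station still awaiting a verdict."""
        for mac, ip in replies:
            st = self.stations.get(norm_mac(mac))
            if st and st.verdict is None:
                st.ip = ip

    def on_name_report(self, ip, name):
        """Steps 440-450: look the reported computer name up in the table."""
        st = next((s for s in self.stations.values()
                   if s.ip == ip and s.verdict is None), None)
        if st is None:
            return                   # report from an address the console never resolved
        if name.strip().upper() in self.legal_names:   # case-insensitive: assumption
            st.verdict = "legal"
        else:
            self._reject(st, f"computer name {name!r} not in table")

    def sweep(self, now):
        """Assumed policy: a station that never reports a name is treated as illegal."""
        for st in self.stations.values():
            if st.verdict is None and now - st.seen_at > NAME_TIMEOUT:
                self._reject(st, "no computer name reported")

    def _reject(self, st, reason):
        """Steps 460-470: command the base station to deny service, then alert the admin."""
        st.verdict = "illegal"
        self.actions.append(("snmp-deny", st.ap, st.mac))
        self.actions.append(("email-alert", st.mac, reason))


def run_constructed_scenario():
    """Three constructed stations: one listed, one unlisted, one that stays silent."""
    nmc = Console(legal_names={"ACCT-NB-01", "WARD3-PDA-07"})
    nmc.on_trap(0, "ap-240", "00-11-22-AA-BB-01")
    nmc.on_trap(1, "ap-242", "00:11:22:aa:bb:02")
    nmc.on_trap(2, "ap-244", "0011.22aa.bb03")
    nmc.on_address_replies([
        ("00:11:22:AA:BB:01", "192.0.2.11"),
        ("00:11:22:AA:BB:02", "192.0.2.12"),
        ("00:11:22:AA:BB:03", "192.0.2.13"),
        ("00:11:22:AA:BB:99", "192.0.2.50"),   # no trap seen for this MAC, ignored
    ])
    nmc.on_name_report("192.0.2.11", "acct-nb-01")
    nmc.on_name_report("192.0.2.12", "VISITOR-PC")
    nmc.sweep(now=60)
    return nmc


if __name__ == "__main__":
    for action in run_constructed_scenario().actions:
        print(action)
```

The verdict rests on a name the station reports about itself, so the table works as an inventory check for unmanaged machines rather than as user authentication.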

Claims (1)

1. A method for wireless local area network security control and intrusion detection, the method comprising the following steps:
(a) at a network management console, maintaining a table of legitimate users' wireless station computer names; when a newly joined wireless station has the correct Service Set Identifier (SSID), and the Wired Equivalent Privacy (WEP) key value together with the network card number (MAC address) is also correct, establishing an association between the wireless station and the wireless base station;
(b) the wireless base station sending a standard SNMP Trap (Simple Network Management Protocol trap) to the network management console to notify the network management console that the new wireless station has joined the wireless local area network;
(c) the newly joined wireless station sending a request for a network address (IP address) to the Dynamic Host Configuration Protocol server;
(d) when the request sent by the newly joined wireless station in step (c) is approved by the Dynamic Host Configuration Protocol server, the Dynamic Host Configuration Protocol server sending a network address to the newly joined wireless station;
(e) the network management console sending a request for the network address to the newly joined wireless station;
(f) the newly joined wireless station returning the network address to the network management console, wherein steps (e) and (f) can be completed in one of the following ways:
(1) a RARP (Reverse Address Resolution Protocol) request packet is sent, the request packet being sent from the network management console and carrying the known MAC address; when the wireless station receives the RARP request packet from the network management console, it automatically answers the request with the wireless station's network address;
(2) a broadcast packet requesting network addresses is sent to the whole network, the broadcast packet coming from the network management console; all stations in the network send back packets carrying their network addresses, and the network management console analyzes these packets and, based on the MAC address of the wireless station, finds the network address of the wireless station;
whereby the network management console has the MAC address and the network address of the newly joined wireless station;
(g) the network management console asking the newly joined wireless station to report its own computer name;
(h) the newly joined wireless station reporting its own computer name to the network management console, this action being issued by a utility program that sits on top of the driver on the newly joined wireless station;
(i) the network management console checking whether the reported computer name is in the table of legitimate users' wireless station computer names: if not, the wireless station is regarded as an illegal user, and the network management console sends a command through SNMP (Simple Network Management Protocol) to the wireless base station to refuse service to the illegal wireless station; when the wireless base station receives the request to refuse service to the illegal wireless station, it immediately cuts off all traffic provided to the illegal wireless station;
(j) when the network management console detects the illegal wireless station, notifying the system administrator's workstation, which displays a warning message, beeps, or sends the warning message out by e-mail.

2. The method of claim 1, wherein the e-mail server, the Dynamic Host Configuration Protocol server, the network management console, the system administrator's workstation and the plurality of wireless base stations must be connected in advance to the same local area network.

3. The method of claim 1, further allowing a plurality of wireless base stations and a plurality of wireless stations to connect to one another through radio waves and the IEEE 802.11 communication standard.

4. The method of claim 1, wherein the network management console comprises:
at least one table of legitimate users' wireless station computer names.

5. The method of claim 1, wherein the wireless station comprises:
a laptop computer and its radio-frequency communication device;
a notebook computer and its radio-frequency communication device; or
a palmtop computer and its radio-frequency communication device.

6. A method for wireless local area network security control and intrusion detection, the method comprising the following steps:
(a) providing a plurality of wireless base stations, each wireless base station maintaining in advance its own table of legitimate users' wireless station computer names; when a newly joined wireless station has the correct Service Set Identifier (SSID), and the Wired Equivalent Privacy (WEP) key value together with the network card number (MAC address) is also correct, establishing an association between the wireless station and the wireless base station;
(b) the wireless base station asking the newly joined wireless station to report the identity and password of the wireless station's user;
(c) the newly joined wireless station reporting the user's identity and password to the wireless base station;
(d) the wireless base station checking whether the reported identity and password belong to a legitimate user: if not, the wireless station is regarded as an illegal user, and the wireless base station immediately cuts off all traffic provided to the illegal wireless station and notifies the network management console through the Simple Network Management Protocol (SNMP) that the wireless station is an illegal user;
(e) when the network management console receives the message that the wireless station is illegal, notifying the system administrator's workstation, which displays a warning message, beeps, or sends the warning message out by e-mail.

7. The method of claim 6, wherein the e-mail server, the Dynamic Host Configuration Protocol server, the network management console, the system administrator's workstation and the plurality of wireless base stations must be connected in advance to the same local area network.

8. The method of claim 6, wherein the computer name table comprises:
the Service Set Identifier (SSID) of at least one legitimate user, and the Wired Equivalent Privacy (WEP) key value, together with the network card number (MAC address), of at least one legitimate user.

9. The method of claim 6, further comprising the following steps by which the newly joined wireless station reports the user's identity and password to the wireless base station in encrypted form:
(a) providing an encryption and decryption method, the newly joined wireless station encrypting the user's identity and password;
(b) the newly joined wireless station sending the encrypted identity and password to the wireless base station;
(c) the wireless base station receiving the encrypted identity and password sent by the newly joined wireless station and decrypting them.

10. The method of claim 6, further allowing a plurality of wireless base stations and a plurality of wireless stations to connect to one another through radio waves and the IEEE 802.11 communication standard.

11. The method of claim 6, wherein the wireless station comprises:
a laptop computer and its radio-frequency communication device;
a notebook computer and its radio-frequency communication device; or
a palmtop computer and its radio-frequency communication device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW91108420A TW574655B (en) 2002-04-24 2002-04-24 A WLAN network security control and intrusion detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW91108420A TW574655B (en) 2002-04-24 2002-04-24 A WLAN network security control and intrusion detection method

Publications (1)

Publication Number Publication Date
TW574655B true TW574655B (en) 2004-02-01

Family

ID=32734129

Family Applications (1)

Application Number Title Priority Date Filing Date
TW91108420A TW574655B (en) 2002-04-24 2002-04-24 A WLAN network security control and intrusion detection method

Country Status (1)

Country Link
TW (1) TW574655B (en)

