Browse Definitions :
Definition

WIPS (wireless intrusion prevention system)

A wireless intrusion prevention system (WIPS) is a dedicated security device or integrated software application that monitors a wireless LAN network's radio spectrum for rogue access points and other wireless threats.

A WIPS compares the MAC addresses of all wireless access points on a network against the known signatures of pre-authorized, known wireless access points and alerts an administrator when a discrepancy is found. To circumvent MAC address spoofing, some higher-end WIPS are able to analyze the unique radio frequency signatures that wireless devices generate and block unknown radio fingerprints.

The PCI Security Standards Council recommends the use of WIPS to automate wireless network scanning. In addition to providing a layer of security for wireless LANS, WIPS are also useful for monitoring network performance and discovering access points with configuration errors.

There are three basic ways to deploy a WIPS. The first, primarily found at the lower-end of the market, is known as time slicing or time sharing. In this type of deployment, the wireless access point does double duty, providing network traffic with wireless connectivity while periodically scanning for rogue access points.

In the second approach, which is known as integrated WIPS, a sensor that is built into the authorized access point continually scans radio frequencies, looking for unauthorized access points.

In the third approach, which is known as WIPS overlay, sensors are deployed throughout a building to monitor radio frequencies. The sensors forward the data they collect to a centralized server for further analysis, action and log archiving. This approach is more expensive because it requires dedicated hardware, but it is also thought to be most effective.

WIPS overlay hardware resembles a rack server and the associated sensors resemble Wi-Fi access points. Most WIPS overlay systems share the same fundamental components:

Sensors -- monitor the radio spectrum and forward logs back to a central management server.


Management server -- receives information captured by the sensors and take appropriate defense actions based on this information.


Database server –- stores and organizes the information captured by the sensors.


Console -- provides an interface for administrators to set up and manage the WIPS.

While WIPS overlays provide many valuable features and protections, especially to large enterprises who capture customer data, they can be quite costly. With hardware, applications, subscriptions and training all factored in, an enterprise with 250 access points might spend as much as $100,000 on WIPS.

 

 

This was last updated in March 2015

Next Steps

Learn about wireless intrusion prevention system deployment types, purchasing options and types of threats prevented in this introduction to WIPS.

Considering purchasing a WIPS for your organization? Expert George V. Hulme reviews six reasons why enterprises benefit from implementing a wireless intrusion prevention system.

Criteria for choosing the right WIPS system.

Find out what the top wireless intrusion prevention systems are.

Continue Reading About WIPS (wireless intrusion prevention system)

Networking
  • CSU/DSU (Channel Service Unit/Data Service Unit)

    A CSU/DSU (Channel Service Unit/Data Service Unit) is a hardware device about the size of a modem. It converts a digital data ...

  • data streaming

    Data streaming is the continuous transfer of data from one or more sources at a steady, high speed for processing into specific ...

  • secure access service edge (SASE)

    Secure access service edge, also known as SASE and pronounced sassy, is a cloud architecture model that bundles network and ...

Security
  • application blacklisting (application blocklisting)

    Application blacklisting --increasingly called application blocklisting -- is a network or computer administration practice used ...

  • juice jacking

    Juice jacking is a security exploit in which an infected USB charging station is used to compromise devices that connect to it.

  • hypervisor security

    Hypervisor security is the process of ensuring the hypervisor -- the software that enables virtualization -- is secure throughout...

CIO
HRSoftware
  • recruitment process outsourcing (RPO)

    Recruitment process outsourcing (RPO) is when an employer turns the responsibility of finding potential job candidates over to a ...

  • human resources (HR) generalist

    A human resources generalist is an HR professional who handles the daily responsibilities of talent management, employee ...

  • employee lifecycle

    The employee lifecycle is a human resources model that identifies the different stages a worker advances through in an ...

Customer Experience
  • Adobe Experience Platform

    Adobe Experience Platform is a suite of customer experience management (CXM) solutions from Adobe.

  • virtual assistant (AI assistant)

    A virtual assistant, also called an AI assistant or digital assistant, is an application program that understands natural ...

  • inbound marketing

    Inbound marketing is a strategy that focuses on attracting customers, or leads, via company-created internet content, thereby ...

Close