Browse Definitions :
Definition

WIPS (wireless intrusion prevention system)

A wireless intrusion prevention system (WIPS) is a dedicated security device or integrated software application that monitors a wireless LAN network's radio spectrum for rogue access points and other wireless threats.

A WIPS compares the MAC addresses of all wireless access points on a network against the known signatures of pre-authorized, known wireless access points and alerts an administrator when a discrepancy is found. To circumvent MAC address spoofing, some higher-end WIPS are able to analyze the unique radio frequency signatures that wireless devices generate and block unknown radio fingerprints.

The PCI Security Standards Council recommends the use of WIPS to automate wireless network scanning. In addition to providing a layer of security for wireless LANS, WIPS are also useful for monitoring network performance and discovering access points with configuration errors.

There are three basic ways to deploy a WIPS. The first, primarily found at the lower-end of the market, is known as time slicing or time sharing. In this type of deployment, the wireless access point does double duty, providing network traffic with wireless connectivity while periodically scanning for rogue access points.

In the second approach, which is known as integrated WIPS, a sensor that is built into the authorized access point continually scans radio frequencies, looking for unauthorized access points.

In the third approach, which is known as WIPS overlay, sensors are deployed throughout a building to monitor radio frequencies. The sensors forward the data they collect to a centralized server for further analysis, action and log archiving. This approach is more expensive because it requires dedicated hardware, but it is also thought to be most effective.

WIPS overlay hardware resembles a rack server and the associated sensors resemble Wi-Fi access points. Most WIPS overlay systems share the same fundamental components:

Sensors -- monitor the radio spectrum and forward logs back to a central management server.


Management server -- receives information captured by the sensors and take appropriate defense actions based on this information.


Database server –- stores and organizes the information captured by the sensors.


Console -- provides an interface for administrators to set up and manage the WIPS.

While WIPS overlays provide many valuable features and protections, especially to large enterprises who capture customer data, they can be quite costly. With hardware, applications, subscriptions and training all factored in, an enterprise with 250 access points might spend as much as $100,000 on WIPS.

 

 

This was last updated in March 2015

Next Steps

Learn about wireless intrusion prevention system deployment types, purchasing options and types of threats prevented in this introduction to WIPS.

Considering purchasing a WIPS for your organization? Expert George V. Hulme reviews six reasons why enterprises benefit from implementing a wireless intrusion prevention system.

Criteria for choosing the right WIPS system.

Find out what the top wireless intrusion prevention systems are.

Continue Reading About WIPS (wireless intrusion prevention system)

Networking
  • network management system

    A network management system, or NMS, is an application or set of applications that lets network engineers manage a network's ...

  • host (in computing)

    A host is a computer or other device that communicates with other hosts on a network.

  • Network as a Service (NaaS)

    Network as a service, or NaaS, is a business model for delivering enterprise WAN services virtually on a subscription basis.

Security
  • WebAuthn API

    The Web Authentication API (WebAuthn API) is a credential management application program interface (API) that lets web ...

  • Common Vulnerability Scoring System (CVSS)

    The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity of security vulnerabilities in ...

  • Dridex malware

    Dridex is a form of malware that targets victims' banking information, with the main goal of stealing online account credentials ...

CIO
  • audit program (audit plan)

    An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate ...

  • blockchain decentralization

    Decentralization is the distribution of functions, control and information instead of being centralized in a single entity.

  • outsourcing

    Outsourcing is a business practice in which a company hires a third party to perform tasks, handle operations or provide services...

HRSoftware
  • team collaboration

    Team collaboration is a communication and project management approach that emphasizes teamwork, innovative thinking and equal ...

  • employee self-service (ESS)

    Employee self-service (ESS) is a widely used human resources technology that enables employees to perform many job-related ...

  • learning experience platform (LXP)

    A learning experience platform (LXP) is an AI-driven peer learning experience platform delivered using software as a service (...

Customer Experience
  • market segmentation

    Market segmentation is a marketing strategy that uses well-defined criteria to divide a brand's total addressable market share ...

  • sales pipeline

    A sales pipeline is a visual representation of sales prospects and where they are in the purchasing process.

  • market basket analysis

    Market basket analysis is a data mining technique used by retailers to increase sales by better understanding customer purchasing...

Close