WHIFF – Wireless Intrusion Detection System
A project by Foundstone®, Inc.
and Carnegie Mellon University
Christopher R. Ameter • Russell A. Griffith • John K. Pickett
CMU Faculty Advisor: Chris Prosise, Foundstone Inc.
WHIFF
A Wireless Intrusion Detection System
Developed by Foundstone, Inc. and Carnegie Mellon University
This paper presents an overview of the Whiff Intrusion Detection System, which was developed during the
summer and fall of 2002 by a team of graduate students majoring in Information Security and Assurance at
Carnegie Mellon University. The project was a collaborative effort between Carnegie Mellon and
Foundstone, Inc. The experience and knowledge gained during this project will enhance and refine future
versions of Foundstone’s industry-leading security software.
Whiff is a system that solves several current, real-world wireless security problems. Whiff identifies and
monitors wireless networks and devices, alerting administrators to exposures in real time. Whiff consists
of multiple listeners that monitor all wireless activity and report to a central correlation engine.
The correlation engine delivers to multiple users a complete asset inventory of wireless devices and access
points as well as a GPS map of signal propagation. The system integrates intrusion detection capabilities,
alerting administrators to wireless and traditional intrusion attempts, rogue access points, and rogue clients.
This document details Whiff’s features and functionality. We believe that the capabilities demonstrated in
Whiff will provide needed security solutions to organizations implementing wireless networks.
TABLE OF CONTENTS
Introduction
Scope and Objectives
Background
Solution
Detail
Conclusions
Resources
www.foundstone.com
© 2003 Foundstone, Inc. All Rights Reserved | 1
Introduction
During the spring of 2002, a team of Carnegie Mellon