How to Discover Rogue Wireless Access Points and Network Access Points

What is a Wireless Access Point?

A Wireless Access Point (WAP) is a hardware device that can be plugged into a wired network to give mobile users (laptops and handhelds) access to the internal network (LAN - Local Area Network). Because these devices can be plugged in with or without security features, a WAP can be added to the network without a network administrator’s knowledge. The individual plugging one in can connect directly to it and obtain an IP address from whatever device is giving out IP addresses (DHCP server). This gives the mobile user access to the network and generally to the internet. See pictures below.

WAPS

Rogue Access Points

Rogue Access Points are access points that have been plugged into a controlled network. Any access point - whether a wireless access point or a network access point - brought from an employee’s home and plugged into a company network is considered a rogue AP. Because home network access points are inexpensive, this is a grave concern to network administrators. These access points can be plugged into a switch, and the employee can then connect wirelessly or through the built-in switch on the back of the AP.

This threat can become serious because malicious users could attach to the access point and have access to the internet and to hosts on the network. With packet capturing tools, the malicious user could intercept packets and capture valuable information. This in turn could lead to a logistical security nightmare.

Methods to Detect Access Points

There are several methods to detect rogue access points. Network administrators should first develop policies on the detection of these access points. The simplest form of detection is to monitor the wireless signals at the location; administrators can also use wireless probes.

Many access point vendors today have built-in functionality that allows the access point to detect other access points on the network. Network administrators can program the APs to recognize the ‘friendly’ access points. The AP can in turn report to the IT team if a rogue access point is placed on the network.

Desktops placed throughout an organization with USB or PCI wireless cards can be set up to detect and monitor access points on the network. Another method is for network administrators to place one or more dedicated access points on the network and have them listen continuously for rogue access points.

Many companies today are electing to use software that manages WLANs (Wireless Local Area Networks). This software can be configured by network administrators so that each friendly access point is identified and rogue access points will be reported. In the event a rogue access point is placed on the network, the access point is compared to the software suite’s database and a report is sent to the information technology department.
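The comparison against a list of friendly access points described above can be sketched as follows. This is an added example, not code from the original article or from any vendor's product; the BSSIDs, SSIDs, label names and the -75 dBm cut-off are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    bssid: str     # radio MAC address of the observed AP
    ssid: str      # advertised network name
    channel: int
    rssi_dbm: int  # signal strength seen by the sensor

def normalize(mac: str) -> str:
    """Canonical lower-case, colon-separated MAC so differing formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

# Inventory of friendly APs (constructed sample data): BSSID -> expected SSID
FRIENDLY = {
    normalize("02-00-00-AA-00-01"): "CorpNet",
    normalize("0200.00aa.0002"): "CorpNet",
}

def classify(beacon: Beacon, friendly=FRIENDLY) -> str:
    bssid = normalize(beacon.bssid)
    if bssid in friendly:
        # known radio; a changed SSID means it was reconfigured or its MAC was cloned
        return "friendly" if beacon.ssid == friendly[bssid] else "friendly-ssid-mismatch"
    if beacon.ssid in set(friendly.values()):
        return "rogue-corporate-ssid"  # unknown radio advertising our SSID
    return "unknown"  # rogue on our wire or a neighbour's AP; needs follow-up

def report(scan, min_rssi_dbm=-75):
    """Return (label, beacon) for each non-friendly AP, strongest signal first."""
    labelled = [(classify(b), b) for b in scan]
    # Weak unknown signals are usually neighbours; corporate-SSID hits always count.
    keep = [(label, b) for label, b in labelled if label != "friendly"
            and not (label == "unknown" and b.rssi_dbm < min_rssi_dbm)]
    return sorted(keep, key=lambda f: f[1].rssi_dbm, reverse=True)

SCAN = [  # constructed sensor output
    Beacon("02:00:00:AA:00:01", "CorpNet", 1, -48),
    Beacon("02:00:00:bb:00:09", "CorpNet", 6, -60),
    Beacon("02:00:00:cc:00:10", "linksys", 6, -41),
    Beacon("02:00:00:dd:00:11", "CoffeeShop", 11, -88),
]

if __name__ == "__main__":
    for label, b in report(SCAN):
        print(f"{label:22} {normalize(b.bssid)} {b.ssid!r} ch{b.channel} {b.rssi_dbm} dBm")
```

A radio scan alone cannot show whether an unknown AP is plugged into the company's wired network, so "unknown" findings still need to be traced to a switch port or ruled out as a neighbouring network.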

Companies such as AirWave and AdventNet sell suites that manage networks and track, inventory and report on wireless connectivity in an organization.

Regardless of the method companies use, they need to be aware of how to detect these threats on their network.