One of the most common wireless security threats is the rogue access point—it is used in many attacks, both DoS and data theft. Many other rogue access points, however, are deployed by employees wanting unfettered wireless access—these access points are called soft access points. Other rogues are located in neighboring companies using your network for free access. Typically low-cost and consumer-grade, these access points often do not broadcast their presence over the wire and can only be detected over-the-air. Because they are typically installed in their default mode, authentication and encryption are not enabled, thereby creating a security hazard. Because wireless LAN signals can traverse building walls, an open access point connected to the corporate network is the perfect target for war driving. Any client that connects to a rogue access point must be considered a rogue client because it is bypassing the authorized security procedures put in place by the IT department.
This topic includes the following:

What Is a Rogue Access Point?

A rogue access point is a device not sanctioned by an administrator, but is operating on the network anyway. This could be an access point set up by either an employee or by an intruder. The access point could also belong to a nearby company. These are some reasons to suspect that an access point is a rogue:
How Are Rogue Access Points and Rogue Clients Identified By Controllers?

Wireless radios automatically scan the RF spectrum for other access points transmitting in the same spectrum. The RF scans discover third-party transmitters in addition to other Juniper radios. Controllers consider all non-Juniper transmitters to be suspects (potential rogues) by default. If the device is a Juniper device, but the MAC address is not in the appropriate database, a series of rules determine whether that device is a rogue. Once an access point is declared a rogue, it is reported by MSS:
How Are Rogue Access Points and Rogue Clients Classified as Rogue?

Controllers use a set of rules, illustrated in Figure 1, to classify unknown access points as members, neighbors, suspects, or rogues.

Figure 1: How Scanned Information is Used to Classify Access Points

The definition of each classification (member, neighbor, suspect, or rogue) is listed in Table 1.

Table 1: Classifications Define a Rogue
You Can Change Some Rogue Classification Rules

Classification rules are either built-in or selected by you from a set of pre-defined rules. Built-in rules are constant and cannot be changed. User rules are the rules that let you configure certain classification behaviors. Notice that the first classification rule eliminates access points in the rogue list and cannot be altered. Two configurable rules default to rogue classification and you can set a third to classify the default condition as rogue.
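The classification described on this page can be sketched as follows. This is an added example, not Juniper's MSS code: the rule order is an assumption (Figure 1 is not reproduced here), the `Policy` fields and function names are hypothetical, and all MAC addresses and SSIDs are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    member_macs: frozenset       # access points in the mobility domain
    rogue_macs: frozenset        # administrator-maintained rogue list
    neighbor_macs: frozenset     # neighbor list: individual devices
    neighbor_ouis: frozenset     # neighbor list: whole vendors (first 3 octets)
    permitted_ssids: frozenset   # permitted SSID list
    default_is_rogue: bool = False  # user rule: treat the default case as rogue

def classify(mac, ssid, policy):
    """Return (classification, reason) for one scanned transmitter."""
    mac = mac.lower()
    if mac in policy.rogue_macs:            # assumed first: the rogue list rule
        return "rogue", "on rogue list"
    if mac in policy.member_macs:           # members are never rogues
        return "member", "in mobility domain"
    if mac in policy.neighbor_macs or mac[:8] in policy.neighbor_ouis:
        return "neighbor", "on neighbor list"
    note = "unknown transmitter"
    if ssid in policy.permitted_ssids:      # a permitted SSID is not a guarantee
        note += "; permitted SSID does not exempt it"
    return ("rogue" if policy.default_is_rogue else "suspect"), note

def report(scan, policy):
    """Map each scanned MAC to its classification."""
    return {mac: classify(mac, ssid, policy)[0] for mac, ssid in scan}

# Constructed sample policy and over-the-air scan results.
POLICY = Policy(
    member_macs=frozenset({"02:aa:00:00:00:01"}),
    rogue_macs=frozenset({"02:cc:00:00:00:07"}),
    neighbor_macs=frozenset(),
    neighbor_ouis=frozenset({"02:bb:00"}),
    permitted_ssids=frozenset({"corp"}),
)
SCAN = [
    ("02:aa:00:00:00:01", "corp"),
    ("02:BB:00:12:34:56", "cafe-guest"),
    ("02:cc:00:00:00:07", "linksys"),
    ("02:dd:00:00:00:03", "corp"),
]

if __name__ == "__main__":
    for mac, ssid in SCAN:
        print(mac, ssid, *classify(mac, ssid, POLICY))
```

The last scan entry advertises a permitted SSID from an unknown MAC and still ends up a suspect, which is the case the neighbor list exists to resolve.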
What Harm Can a Rogue Access Point Do?

Rogue access points and their clients undermine the security of an enterprise network by potentially allowing unchallenged access to the network by any wireless user or client in the physical vicinity. Rogue access points can also interfere with the operation of your enterprise network. Rogue access points can do the following damage:
What Can I Do to Prevent Rogue Access Points?

There are a number of actions you can take that make it more difficult for a rogue to penetrate your network. See Table 2 for details.

Table 2: Preventing Rogue Access Points
How Do I Prevent a Benign Access Point From Being Classified as a Rogue?

Access points belonging to your mobility domain are never classified as rogues. Presence of third-party access points on a permitted SSID list or OUI list does not guarantee that the device will not be classified as a rogue for other reasons. The only sure way to keep a non-mobility domain device from being classified as a rogue is to add the device or vendor to the neighbor list. Neighbors are devices known to be part of a neighboring network and non-threatening. Vendors can also be added to the neighbor list, so that all of the devices from that vendor become neighbors.

What type of attack is done when the attacker tries to create rogue access points to gain access to the network or steal information?

Evil twin attack: This is done when the attacker is trying to create rogue access points so as to gain access to the network or steal information.
What is a rogue access point attack?

A rogue access point — or rogue AP — is a wireless access point plugged into an organization's network that the security team does not know exists. While rogue access points can be used as part of a coordinated attack, employees unaware of proper cybersecurity protocol often install them.
Which type of attack is one in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit?

Evil twin attack – This attack is one in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit.
What makes rogue access points a threat?

In any case, a rogue access point can pose a stern security threat to large organisations or even one's personal home network because anyone accessing this access point can monitor what the private network is accessing like websites, what they're downloading, or it can even redirect the user to a bogus website that the ...