What is a Rogue Access Point?
A rogue access point (AP) is any wireless access point installed on a network without authorization and therefore not managed by the network administrator. As a result, rogue APs do not have the same security setup as other access points. They are especially dangerous because they are physically installed behind the network firewall, meaning someone who gains access to the AP can get access to the broader network. Rogue APs may be installed maliciously by an attacker or simply by an employee looking for their own Wi-Fi access, and could be plugged directly into a firewall or network switch, a wall connection, or even other network devices. Regardless, rogue access points may be used for a variety of attacks, including denial of service, data theft, and malware deployment.
How to Recognize This Threat: A visual inspection of network devices like firewalls and switches can identify an access point that doesn’t belong, but for better visibility, conduct regular scans of your wireless air space, as rogue access points won’t show up over the wire.
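One way to act on the results of a regular airspace scan, shown as an added example that is not from the original page: compare every BSSID the scan saw against the inventory of managed APs and flag the ones that need to be physically located. The inventory, the `bssid,ssid,channel,signal_dbm` export format, the sample rows and the -60 dBm threshold are all constructed assumptions.

```python
import csv
import io

# Constructed inventory of managed APs (BSSID -> SSID); not from the original page.
AUTHORIZED = {"00:11:22:33:44:01": "CorpNet", "00:11:22:33:44:02": "CorpNet"}
STRONG_DBM = -60  # assumed threshold: stronger signals are likely on the premises

# Constructed scan export: bssid,ssid,channel,signal_dbm
SAMPLE_SCAN = """\
00-11-22-33-44-01,CorpNet,6,-48
00:11:22:33:44:02,CorpNet,11,-55
02:AA:BB:CC:DD:10,CorpNet,6,-42
02:aa:bb:cc:dd:20,FreeWifi,1,-51
02:AA:BB:CC:DD:30,CafeNextDoor,1,-83
00:11:22:33:44:02,Guest,11,-55
"""

def normalize_bssid(raw):
    """Lower-case, colon-separated MAC so 00-11-.. and 00:11:.. compare equal."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(bssid, ssid, signal_dbm):
    expected = AUTHORIZED.get(bssid)
    if expected is not None:
        return "authorized" if ssid == expected else "ssid-mismatch"  # known radio, unexpected SSID
    if ssid in AUTHORIZED.values():
        return "unknown-bssid-corporate-ssid"   # unmanaged radio using our network name
    if signal_dbm >= STRONG_DBM:
        return "unknown-strong-signal"          # likely inside the building: locate it
    return "neighbor"                           # weak and unrelated: log only

def review_scan(text):
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        bssid = normalize_bssid(row[0])
        verdict = classify(bssid, row[1], int(row[3]))
        if verdict not in ("authorized", "neighbor"):
            findings.append((bssid, row[1], verdict))
    return findings

if __name__ == "__main__":
    print(*review_scan(SAMPLE_SCAN), sep="\n")
```

A finding is a candidate, not a verdict: the scan shows an unmanaged radio is in range, and a walk-through or switch-port check is still needed to confirm whether it is attached to the network.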
How to Prevent This Threat: A Wireless Intrusion Prevention System (WIPS) such as the one offered through WatchGuard can detect and stop rogue APs. A managed network switch is preferable to an unmanaged one, as someone attempting to plug an access point into a random unused port will not gain access if the device is properly configured. Ensuring logging is enabled can also help identify suspicious activity. If an employee is responsible for setting up a rogue AP, ensure proper training is in place, with policies that discourage this practice. Regardless of how rogue APs are identified, ensure they are addressed as soon as possible.