What is a Rogue Access Point (Rogue AP)?
As a business owner or an IT system administrator, it’s important to be able to identify rogue access points and minimize the threats that they pose to your wireless network. You’re probably wondering, “What are rogue access points?” Read on to find out how they can impact your wireless network and the steps you can take to improve your access point’s network management features so that they don’t become a recurrent issue.
What Are Rogue Access Points?
One of the most common security threats to enterprise networks, rogue access points (or rogue APs) are wireless access points that have been installed in an office or data center without the knowledge or permission from the system administrator via the wired infrastructure.
This allows unauthorized access to the secured network’s wired infrastructure, wherein any wireless user or client in the physical vicinity may bypass wireless security controls and monitor network traffic.
Some examples of a rogue AP include mobile devices attached via USB; wireless access points plugged directly to the existing firewall, switch, or router; or wireless devices connected to the server.
In most cases, these access points are set up by hackers as an attempt to illegally gather information or cause damage to your wireless network. Below are more details on the dangers of rogue APs.
1. Hackers Can Use Them to Install Malicious Software
If a rogue AP is created, hackers can use malicious software to gather sensitive data and personal information of employees located on the wireless network. This can lead to devastating level of identity theft and fraud. In some cases, the malware can even be designed to download itself onto the computers of people who connect to the corporate network, allowing the hackers to continue stealing data, even after they disconnect from the infected network.
2. Malware Can Also Damage Computers and Entire Networks
Malware that’s loaded onto your network from a rogue AP can also damage individual computers and even entire networks. This can be extremely costly for business owners, and it can severely slow down your business operations or even prevent them altogether.
3. Rogue APs Could Even Be Used to Disable Camera Systems
If malware is loaded onto a router via a rogue AP, it could be used to gain access to individual client devices that connect to the network, such as security systems. Malware that’s loaded on to your company’s client devices from a rogue access point can be used to gain remote access to computers, cameras, and anything else that connects to the internet in your company building.
4. Rogue APs Can Use Up Your Bandwidth
Rogue APs take a heavy toll bandwidth, which can result in exponential increases to your bill from your internet service provider. Not only can this cost your company money, but it can also slow down the internet connection for your employees. This can make it harder for your employees to do their work, which can also lead to lost revenue. And because rogue access points are often used for illicit activities, this can potentially cause far more serious legal troubles.
How Can You Prevent a Benign Access Point From Being Labeled Rogue?
A rogue AP is not authorized by the system administrator. Therefore, it’s important to make sure that you configure any intrusion detection system/prevention system (IDS/IPS) that you use to recognize existing wireless access points that you have cataloged. This will ensure that they are not incorrectly identified as rogue.
So, how do you know if an access point is authorized or not? Rogue APs can be detected by logging into your router as a system administrator. This will show you all of the access points on the network, and if you see something that has not been authorized, the access point is classified as rogue. A network security software program will do this for you, and you will be alerted if a rogue access point is created on your network.
How Can You Detect a Rogue AP?
If you are unsure whether an access point has been authorized or not, it’s important to investigate further, either with a wireless scanning tool or IDS/IPS. The signal strength from the rogue device will intensify as you get closer to it. Therefore, measuring the strength of the signal will allow you to determine where the rogue AP is located.
In many cases, you won’t even need any kind of special equipment to do it. All you’ll need is a laptop, which you will then hold at abdomen level. You will probably need to move around a bit to determine the direction that the signal is coming from.
Wi-Fi signals will be partially blocked if your back is turned to it. So, if you notice a dip in signal strength when you turn in a certain direction, you can turn around 180 degrees and find the direction that the signal is coming from. As you begin to approach the signal, it will continue to strengthen as you head closer to it until you locate the source. If you have access to equipment that can measure signal strength, locating the source becomes even easier.
What Are Rogue Clients?
Rogue clients refer to the individuals who are using your enterprise network without your consent. This does not necessarily mean that they have set up a rogue access point. Instead, it could simply be someone who has begun using your Wi-Fi from their laptop, smartphone, or other wireless devices without authorization.
In many cases, rogue clients are not using your WLAN for anything nefarious. However, unauthorized use of your Wi-Fi can cause serious problems even if a rogue access point has not been set up. So, how can you prevent rogue clients from accessing your network? These are few steps you can take to prevent a security hole being created in your network.
1. Pick the Right Passwords
In order to maintain a secure network, you’ll need to choose passwords that are difficult to guess. This will prevent someone from logging into your network without prior authorization to do so. Unfortunately, some business owners offer unchallenged access to their network by not setting a password. This can leave you extremely vulnerable to cyber attacks and security threats.
However, setting a strong password for Wi-Fi access is not enough on its own. You’ll need to make sure that you set a strong password for your router as well.
2. Monitor the Network for Unusual Activity
If you notice unusual activity on your network or more bandwidth is being used than usual, it’s possible that you could have a rogue client. If you notice any of these warning signs, check to see if there are any devices connected to your network that you do not recognize. You will be able to identify devices by their MAC address.
3. Have Excellent Cyber Security Practices
If you have good cyber security practices at your company, it’s less likely that a rogue client will be able to compromise your network. One of the most important steps to take is ensuring that rogue clients are detected quickly with a combination of scanning tools. Network security software, WiFi protection apps, and IDS/IPS will all alert you to rogue client logins.