Rogue access points are those connected to a network without planning or permission from the network administrator. For example, we know one administrator in Dallas who just did his first wireless security scan (war driving) on his eight-building office campus. To his surprise, he found over thirty access points. Worse, only four of them had authorization to be connected to the network. Needless to say, heads rolled.
Rogue access points are becoming a major headache in the security industry. With the price of low-end access points dropping to just over one hundred dollars, they are becoming ubiquitous. Furthermore, many access points feature settings that make them next to transparent on the actual network, so their presence cannot be easily detected .
Many rogue access points are placed by employees looking for additional freedom to move about at work. The employees simply bring their access points from home and plug them directly into the corporate LAN without authorization from the IT staff. These types of rogue access points can be very dangerous, as most users are not aware of all the security issues with wireless devices, let alone the security issues with the wired network they use each day.
In addition, it is not always well-intentioned employees who deploy rogue access points. Disgruntled employees, or even attackers can deploy an access point on your network in seconds, and they can then connect to it later that night. In addition, if the access point has DHCP enabled, you now have a rogue DHCP server in addition to a wireless hole in your perimeter.
The following are seven key points to successfully placing a rogue access point:
The preceding steps should only be used when experimenting on your own home test network. Always make sure to get prior written permission before attempting these steps.
If you already have a wireless network deployed, and then someone places a rogue access point on your network using your existing SSID, this can also create additional problems. This type of access point could extend your network well beyond the bounds of your office. In some cases, the rogue access point could be set up as a link broadcasting your network traffic across town. They can even be made to appear as if they are part of your network, thus causing clients on your network to use them for connectivity. When a client connects to the rogue access point and attempts to access a server, the username and password can be captured and used later to launch an attack on the network.