What is a Rogue Wireless Access Point?

--> A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from the network administrator, whether it is added by a well-known employee or by a malicious attacker.

--> If a rogue access point is in place, there is no guarantee that it will have password-protected access or that it will use encryption to protect the wireless communications.

--> So, someone sitting in a car on a nearby street can pick up these signals and get access to the corporate network directly if there is no password protection, or, if there is password protection but no encryption, by using software tools such as wireless sniffers.

--> This way the intruder can get access to corporate information or use the obtained information to carry out wireless attacks on the network.



--> A Wireless Intrusion Prevention System (WIPS) is required to detect rogue access points in the secure network.

--> Wireless Intrusion Prevention Systems can identify rogue access points by checking the MAC addresses of access points and the ARP entries found in the MAC tables and ARP tables obtained from the wired network (e.g. a switch CAM table) and from the wireless network.

--> Some WIPS systems can send special packets on the wired and wireless networks and monitor which access points forward them between the two networks, to identify whether those access points are connected to the wired network.

--> Wireless Intrusion Prevention Systems can block such rogue access points by using WIPS sensors to break clients' connections with the rogue access points, continuously sending spoofed disconnection frames (de-auth frames).

--> When they do that, the clients think that this AP is no longer available and hence do not connect to it, at least temporarily.

--> Certain WIPS systems can also locate the switch port to which the rogue access point is connected, and disable the switch port using SNMP (for example) if the wired network allows for such integration. 

--> These are the commonly used methods to block rogue access point communications, but a few vendors might employ some additional techniques as well.
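
The wired/wireless MAC table correlation described above, as an added example that is not part of the original post or any vendor's code: it matches BSSIDs heard by sensors against a switch CAM table and reports the switch port behind an unauthorized AP. The sample data, the function names and the "wired MAC is within a few addresses of the BSSID" heuristic are assumptions made for illustration.

```python
# Constructed sample data (made-up MACs, SSIDs and ports): AP inventory,
# sensor scan results, and switch CAM table rows.
AUTHORIZED_BSSIDS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}

WIRELESS_SCAN = [
    {"bssid": "00:11:22:aa:00:01", "ssid": "corp", "clients": ["3c:5a:b4:00:00:10"]},
    {"bssid": "F4:EC:38:12:34:57", "ssid": "linksys", "clients": ["3c:5a:b4:00:00:22"]},
    {"bssid": "9c:d3:6d:77:00:05", "ssid": "CoffeeShop", "clients": ["a0:b1:c2:00:00:33"]},
]

CAM_TABLE = [
    ("00:11:22:aa:00:01", "sw1", "Gi0/1"),
    ("f4:ec:38:12:34:56", "sw2", "Gi0/14"),  # unknown AP's wired MAC, one below its BSSID
    ("3c:5a:b4:00:00:22", "sw2", "Gi0/14"),  # its wireless client, bridged onto the wire
]

def mac_to_int(mac):
    """Normalise aa:bb.., AA-BB.. or aabb.ccdd.eeff notation to a 48-bit integer."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

def classify(scan, cam, authorized, max_offset=2):
    """Return {bssid: (verdict, evidence)} for every BSSID in the scan."""
    wired = {mac_to_int(m): (sw, port) for m, sw, port in cam}
    allowed = {mac_to_int(m) for m in authorized}
    results = {}
    for ap in scan:
        bssid = mac_to_int(ap["bssid"])
        if bssid in allowed:
            results[ap["bssid"]] = ("authorized", [])
            continue
        evidence = []
        # Assumed heuristic: an AP's Ethernet MAC is often within a few addresses of its BSSID.
        for delta in range(-max_offset, max_offset + 1):
            if bssid + delta in wired:
                evidence.append(("ap-mac",) + wired[bssid + delta])
        # A client of this AP showing up in the CAM table means the AP bridges to the LAN.
        for client in ap["clients"]:
            if mac_to_int(client) in wired:
                evidence.append(("client-mac",) + wired[mac_to_int(client)])
        results[ap["bssid"]] = ("rogue-on-wire" if evidence else "external", evidence)
    return results

if __name__ == "__main__":
    for bssid, (verdict, ev) in classify(WIRELESS_SCAN, CAM_TABLE, AUTHORIZED_BSSIDS).items():
        print(bssid, verdict, ev)
```

An "external" verdict means the AP was heard over the air but nothing ties it to the wired network, which is the usual case for a neighbour's AP and should not trigger containment.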
