How to Detect a Rogue Access Point on Your WIFI Network

A rogue access point (AP) is any Wi-Fi access point connected to a network without authorization. In order to protect sensitive data, it is critical to prevent the use of unauthorized access points. Since a rogue AP is not under the management of network administrators, nor does it necessarily conform to network security policies, then rogue access points can allow attackers to bypass network security and attack the network or capture sensitive data.

Gambar terkait

In the absence of a wireless probe to monitor the airwaves, security personnel can manually search for rogue APs. An inexpensive but effective method for finding potential rogues is to use a freely available Transmission Control Protocol (TCP) port scanner that identifies enabled TCP ports from various devices connected to the network.

The steps to discover a rogue AP begin with running the port scanner software from a computer connected to the network. The utility uncovers all Port 80 (HTTP) interfaces on the network, which include all Web servers, some printers, and nearly all access points. The AP will generally respond to the port scanner’s ping with the vendor name and it’s corresponding Internet Protocol (IP) address.

Once an AP is discovered, the network administrator must determine if the AP is or is not a rogue. Ideally, the administrator would use software that would allow a pre-configured authorized list of access APs. If the scanning for rogue APs is manual, a list of authorized APs is still necessary. The authorized list can be populated using the following attributes:

MAC Address

SSID

Vendor

Radio Media Type

ChannelThe aforementioned attributes, determined automatically or manually if software is not being used, will alert the detection tool if access points with differing attributes from the authorized list are present.

When rogue access points are determined, the administrator must have procedures in place to identify their locations.

Perhaps the most difficult step in this discovery process is to determine the physical location of the rogue access point. wifi機 may help. A routing table is present on all IP nodes.

The routing table stores information about 租借國際WiFi分享器 and how they can be reached. Because all nodes perform some form of IP routing then any node loading the TCP/IP protocol has a routing table. When an IP packet is to be forwarded, the routing table is used to determine the physical or logical interface used to forward the packet to either its destination or the next 無線網路 分享器.

With the information derived from the routing table, a rogue IP address may be located by determining which node the address utilizes. Keep in mind that the location of nodes must be correlated with the addresses in the routing table. The limited operational distance of the RF signal can be useful in narrowing down the physical location of the rogue access point as well.

Perhaps the most fundamental step in protecting against a rogue access point may be having a security policy. A security policy should outline the rules against unauthorized wireless devices and employees should be educated about the policy. This will help stop the most common users of unauthorized devices, employees.