Detection of Rogue Access Points
jon.p.sevier at gmail.com
Mon Oct 15 03:00:31 UTC 2012
On Sun, Oct 14, 2012 at 1:59 PM, Jonathan Rogers <quantumfoam at gmail.com>wrote:
> An issue has come up in my organization recently with rogue access points.
> So far it has manifested itself two ways:
> 1. A WAP that was set up specifically to be transparent and provided
> unprotected wireless access to our network.
> 2. A consumer-grade wireless router that was plugged in and "just worked"
> because it got an address from DHCP and then handed out addresses on its
> own little network.
There are wireless IDS/IPS products available that monitor not only the
airspace, but the wire as well. Many of these products will also actively
defend the airspace. Search for "wIDS" and/or "wIPS". Often the cost of
purchasing and deploying these products is more expensive than the cost of
implementing simple 802.1x port authentication though.
If nothing else, set up guest wireless piped to a cheap broadband
connection and create and/or enforce proper acceptable use policies on your
LAN. The less you fight your users, the easier your job is.
Of course all of this is dependent on the business and legal jurisdiction
you are in.
More information about the NANOG