Detection of Rogue Access Points
r.engehausen at gmail.com
Mon Oct 15 15:54:25 UTC 2012
Why not give them wireless Internet access only? That will keep all the
smartphone users happy.
On 10/15/2012 8:12 AM, Jonathan Rogers wrote:
> Well, quite frankly they have the tools they need. Our remote sites do not
> have any devices that require wireless. They don't have company-issued
> laptops, and personal laptops are not allowed. The policy is on the books
> but it isn't my department to make sure people know about it and follow it.
> Our end users at these branch offices are typically not very technically
> inclined and have no idea what a security risk this is (especially
> considering that we have EPHI on our network, although I can't really say
> more in detail than that). The person who put in the WAP I discovered
> doesn't even work for us any more.
> Port-based security might work, but our edge switches are total garbage
> (don't get me started, not in my control). I didn't find this WAP via
> nmap...it didn't show up. I believe it probably didn't have a valid
> management interface IP for some reason. We saw suspicious entries in the
> router's ARP table and starting looking around the office from there.
More information about the NANOG