- Cyber Security Business
Submitted by: Mark McSherry
If you ve just started to work with lightweight access points, you might have already come across the term rogue access point .
The questions most people ask are:
What is it?
What can I do about it?
Rogue access points are determined by your lightweight wireless LAN controller as an access point it does not control. This can mean that there is an AP on your site that should not be there however in some cases it may be an access point which is used for a hotspot, such as a nearby coffee shop.
The good news is that on your controller you can set up some rules. These rules are used to automate the process of determining if a rogue access point is an issue or not.
You can classify on a number of different parameters and classifying on signal strength or the SSID broadcast allows you to determine if the AP may be is a friendly or a malicious AP.
If, for example, the rogue AP has the same SSID you have, then the chances are that it s malicious. It s flagged as such and you can investigate. Rogue APs are an issue because a hacker may set up an access point to impersonate one of your APs. They may also be used to send out disconnect messages, so you should also configure your network to allow clients and APs to authenticate each other.
Generally when you switch a new lightweight network on, you ll find that there are sometimes dozens of rogue APs identified however using the automated rules allows you to determine which may be safely ignored.
If you determine a rogue AP is malicious, you have several options (depending on your network configuration):
You can perform a wired trace to determine if the AP is connected to your wired network and you can then disable the switchport where the rogue AP is connected.
You can use location tracking to determine the likely location of the rogue AP and physically visit the location.
You can contain the rogue AP. This option will cause nearby APs from your wireless LAN to send de-authenticate and disassociate messages to any clients trying to associate to this rogue AP effectively rendering the rogue AP useless when in the presence of your wireless LAN. This option can be activated manually on a per AP basis or a rule can be setup to deactivate all APs connected to your wireless LAN (This option must be used with caution as accidentally disabling somebody else s wireless LAN outside of your premises may have legal ramifications)
Rogue access points are a fact of life any time you stand up a managed lightweight network you re going to see them the question is how you manage which are a threat to your business and which ones you don t care about. Once a new network is deployed it can take a fair bit of upfront work to categorise all the rogue APs.
The real lesson is that a wireless network isn t a static thing it changes and requires ongoing support and maintenance.
About the Author: IPTel Solutions are an Australian based company providing the design and delivery of Enterprise computer networks. Specialising in Wireless, we also work in Routing & Switching and Voice. Visit us at