A rogue access point (AP) is a wireless access point that has gained access to a secure enterprise network without explicit authorization from the network administration team. These unauthorized rogue access points open wireless backdoors into wired networks. There could be numerous unauthorized APs in and around the airspace of your corporate firewall. These include Wi-Fi devices from employees who bring personal devices into the corporate WLAN, and APs from neighboring concerns that may be accessible to your network because of proximity. These may not look malicious, but they are unsecured and may turn out to be security threats later on. And then there are the actual rogue APs that pose potential security threats by infringing on your corporate network.

In order to better understand the intent of these APs, let’s classify them as:

  • Unauthorized APs – those introduced by employees within the organization but with no detrimental intent
  • Insecure APs – those that bypass network security owing to airspace proximity
  • Malicious APs – actual rogue APs that pose a security threat. Some of these include:
    • Skyjacking attack: Vulnerabilities within device access points could be used by remote attackers to convert an authorized AP into a rogue by taking full control over it.
    • Planting a malicious rogue AP within the office space disguised as a trusted AP.
    • Rogue APs can also spoof MAC addresses used by legitimate APs or try to mimic your own WLAN's SSID.


While all of these malicious and non-malicious access points need to be monitored, it is the responsibility of the network administrator to ensure the malicious ones are contained and eliminated.
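The classification above can be applied mechanically to wireless scan results once an inventory of authorized APs exists. The following Python sketch is an added example, not SolarWinds code: the inventory, the scan records, the `on_wire` flag (whether the AP's MAC was also learned on a wired switch port) and all names are assumptions constructed for illustration. It does not cover skyjacking, where an authorized AP is taken over and looks unchanged from the air.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class AP:
    bssid: str
    ssid: str
    channel: int
    security: str
    on_wire: bool = False  # assumption: MAC also learned on a wired switch port

def norm_mac(mac):  # canonical hex so 00-1A-.. and 00:1a:.. compare equal
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

# Constructed inventory of authorized APs (RFC 7042 documentation MACs).
INVENTORY = {norm_mac(a.bssid): a for a in (
    AP("00:00:5E:00:53:01", "CorpWLAN", 36, "WPA2-Enterprise"),
    AP("00:00:5E:00:53:02", "CorpWLAN", 44, "WPA2-Enterprise"),
)}
CORP_SSIDS = {a.ssid.casefold() for a in INVENTORY.values()}

def classify(seen, channels_seen):
    known = INVENTORY.get(norm_mac(seen.bssid))
    if known:
        # A known BSSID on two channels, or with changed SSID/security, is suspect.
        cloned = len(channels_seen) > 1
        altered = (seen.ssid, seen.security) != (known.ssid, known.security)
        return "malicious: possible MAC spoof" if cloned or altered else "authorized"
    if seen.ssid.strip().casefold() in CORP_SSIDS:
        return "malicious: SSID mimic"  # corporate SSID from an unknown radio
    if seen.on_wire:
        return "unauthorized: attached to wired LAN"
    return "insecure: neighboring AP in range"

def report(scan):
    channels = defaultdict(set)
    for ap in scan:
        channels[norm_mac(ap.bssid)].add(ap.channel)
    return [(ap.bssid, classify(ap, channels[norm_mac(ap.bssid)])) for ap in scan]

SCAN = [  # constructed scan results
    AP("00:00:5E:00:53:01", "CorpWLAN", 36, "WPA2-Enterprise"),
    AP("00-00-5e-00-53-02", "CorpWLAN", 44, "WPA2-Enterprise"),
    AP("00:00:5E:00:53:02", "CorpWLAN", 11, "Open"),
    AP("00:00:5E:00:53:AA", "corpwlan ", 6, "Open"),
    AP("00:00:5E:00:53:BB", "HomeRouter", 1, "WPA2-PSK", on_wire=True),
    AP("00:00:5E:00:53:CC", "CafeNextDoor", 11, "WPA2-PSK"),
]
print(*report(SCAN), sep="\n")
```

Both observations of the `...53:02` BSSID are flagged, because from the air alone it is not possible to say which radio is the legitimate one. A clone that copies SSID, security and channel exactly would pass this check and needs other signals.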

How can SolarWinds help you monitor rogue APs?

SolarWinds Network Performance Monitor (NPM) is network management software with an integrated poller that can help identify rogue APs in a multi-vendor network environment by scanning wireless controllers and devices. SolarWinds NPM supports monitoring both thin and thick (or autonomous) access points and their associated clients. You can also use the out-of-the-box reports on rogue access points over varying time frames.

[Figure: NPM Wireless Summary View]

SolarWinds User Device Tracker is a comprehensive network device monitoring tool that can be used to drill deeper into the rogue access point and get details of all the endpoints connected to it, when the rogue AP was connected, how long it was active, and which user was using it.


[Figure: UDT Access Point Details]

Now that you’ve detected the rogue access point and analyzed its activity in your WLAN, you can take appropriate measures to contain or eliminate it from your enterprise network once and for all.

