The Danger of Rogue Wireless Devices and Access Points

Providing access from nearly anywhere, Wireless Local Area Networks (WLANs) deliver a great deal of flexibility to business networks and their applications. WLANs are also exposed to misuse and attack by unauthorized devices, known as rogue wireless devices. To safeguard company data and ensure smooth operations, it’s crucial to take steps to prevent, detect, and block unwarranted activity associated with these rogue wireless devices.


What are Rogue Wireless Access Points?


As more wireless devices join a network, more access points and transmissions appear within range of it. Previously unknown access points (APs), including ones that belong to a neighbor’s network, can then show up on your network. These are rogue wireless access points. Often they are introduced unintentionally by employees; in other cases the source is a malicious actor who installs and hides an AP in order to gather proprietary information.


It’s tough to differentiate between genuine and rogue devices. But regardless of intent, all unauthorized wireless devices operating within the vicinity of the company’s network should be considered wireless rogue devices that could be opening up unknown access points.


Types of Rogues


Neighbor Access Points: Workstations normally associate themselves with access points automatically, based on criteria like signal strength, Extended Service Set Identifier (ESSID), and data rates. As a result, trusted workstations may accidentally associate themselves with an AP located close to, but outside, the company network. Neighboring APs may not pose an immediate threat, but they do leave your company information exposed.


Ad Hoc Associations: Peer-to-peer wireless connections involve workstations connecting directly to other workstations in the same network, for example to share files or send documents to a wireless printer. Peer-to-peer traffic generally bypasses network-enforced security measures like encryption and intrusion detection, which makes data theft over such connections even more difficult to detect or track.


Unauthorized Access Points: Basic models of access points are easily available in the market. The existence of an unauthorized and unsecured AP installed intentionally or otherwise becomes an easy backdoor entry point into the company network. These unauthorized APs can be used to steal bandwidth, send objectionable content, retrieve confidential data, attack company assets, or even worse, attack others through your network.


Malicious Workstations: Malicious workstations eavesdrop or passively capture traffic in order to find passwords, login information, email addresses, server information, and other company data. These workstations pose very serious risks and can connect to other workstations and APs. They can redirect traffic using forged ARP and ICMP messages and are capable of launching Denial of Service (DoS) attacks.


Malicious Access Points: Attackers can place an AP inside or near company networks to steal confidential information or modify messages in transit. These attacks are also known as man-in-the-middle attacks. A malicious AP uses the same ESSID as an authorized AP. Workstations receiving a stronger signal from the malicious AP associate with it instead of the authorized AP. The malicious AP then modifies the data exchanged between the workstation and the authorized AP. This poses a great business risk because it allows sensitive data to be modified and circulated.


The rogue wireless device problem is one of the primary security threats in wireless networking. It’s capable of disclosing sensitive company information that, if leaked, could be damaging to the organization. The first step to assess and mitigate business risks from wireless rogue devices is to detect them. Are you equipped to identify and detect rogue activity in your network?
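The five categories above translate directly into a triage rule for wireless scan output. The following is an added example, not code from the original post: it assumes a constructed authorized-AP inventory (BSSID to permitted ESSID), constructed scan records, and that a separate wired-side check has already told us whether a transmitter's MAC was seen on the corporate switches.

```python
"""Classify observed wireless networks against an authorized-AP inventory.

Added example, not code from the original post. The inventory, ESSIDs,
BSSIDs and scan records are all constructed for illustration; a real
deployment would populate them from the WLAN controller and a scanner.
"""
from dataclasses import dataclass

# Constructed inventory: BSSID -> the ESSID that AP is authorized to advertise.
AUTHORIZED_APS = {
    "00:11:22:aa:bb:01": "CorpWiFi",
    "00:11:22:aa:bb:02": "CorpWiFi",
}
CORPORATE_ESSIDS = set(AUTHORIZED_APS.values())


@dataclass
class ScanRecord:
    bssid: str          # transmitter MAC address
    essid: str          # advertised network name (may be empty)
    mode: str           # "infrastructure" (an AP) or "ibss" (ad hoc, peer-to-peer)
    signal_dbm: int     # received signal strength at the sensor
    on_wired_lan: bool  # True if this MAC was also seen on the corporate switch fabric


def classify(rec: ScanRecord) -> str:
    """Map one scan record to a rogue category from the post."""
    bssid = rec.bssid.lower()
    if AUTHORIZED_APS.get(bssid) == rec.essid:
        return "authorized"
    if rec.mode == "ibss":
        # Peer-to-peer network: bypasses AP-enforced encryption and IDS.
        return "ad-hoc"
    if rec.essid in CORPORATE_ESSIDS:
        # Unknown transmitter advertising the corporate ESSID: the
        # man-in-the-middle setup, where the stronger signal wins the client.
        return "malicious-ap"
    if rec.on_wired_lan:
        # Unknown AP whose MAC also appears on the wire: a backdoor into the LAN.
        return "unauthorized-ap"
    # Unknown AP not seen on the wire: a neighbor, still a misassociation risk.
    return "neighbor-ap"


SEVERITY = ["malicious-ap", "unauthorized-ap", "ad-hoc", "neighbor-ap", "authorized"]


def triage(records):
    """Group BSSIDs by category, most severe first, for an operator report."""
    report = {cat: [] for cat in SEVERITY}
    for rec in records:
        report[classify(rec)].append(rec.bssid.lower())
    return report


# Constructed scan results (not captured from a real network).
SAMPLE_SCAN = [
    ScanRecord("00:11:22:AA:BB:01", "CorpWiFi", "infrastructure", -45, True),
    ScanRecord("66:77:88:99:00:01", "CorpWiFi", "infrastructure", -38, False),  # impersonates corporate ESSID
    ScanRecord("66:77:88:99:00:02", "BreakRoomWiFi", "infrastructure", -60, True),
    ScanRecord("66:77:88:99:00:03", "", "ibss", -70, False),
    ScanRecord("66:77:88:99:00:04", "NextDoorCafe", "infrastructure", -80, False),
]

if __name__ == "__main__":
    for cat, bssids in triage(SAMPLE_SCAN).items():
        print(f"{cat:16s} {bssids}")
```

The order of the checks matters: an authorized BSSID is accepted only when it advertises the ESSID recorded for it, and the corporate-ESSID test runs before the wired-side test so that an impersonating AP is reported as malicious even when it has no wired footprint.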

  • We had to deal with this in our 5000+ store environment in a past life....

    A little SNMP, ARP table data, MAC addresses, a little vendor info, and some perl allowed us to find them and reduce risk...
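The wired-side approach the commenter describes (MAC tables, vendor lookup by OUI, an authorized list) can be sketched as follows. This is an added example, not the commenter's script: the switch table format is a constructed one loosely modelled on typical CLI output, the OUI-to-vendor map, the authorized MACs and the uplink port list are all constructed, and the "many MACs on one access port" heuristic is this example's own addition (a bridging AP exposes every client MAC behind it on a single port).

```python
"""Hunt for rogue APs from the wired side using switch MAC tables and OUIs.

Added example, not the commenter's code. All table data, OUIs, vendor names,
authorized MACs and port names are constructed; a real run would pull the
table over SNMP and use the IEEE OUI registry for the vendor lookup.
"""
import re
from collections import defaultdict

# Constructed OUI (first three octets) -> vendor map.
OUI_VENDORS = {
    "aa:bb:01": "ConsumerAPVendor",  # constructed vendor treated as AP-class hardware
    "aa:bb:02": "ServerVendor",
}
AP_CLASS_VENDORS = {"ConsumerAPVendor"}
AUTHORIZED_AP_MACS = {"aa:bb:01:00:00:10"}   # constructed inventory
UPLINK_PORTS = {"Gi1/0/48"}                  # trunks legitimately carry many MACs

# Constructed MAC table, not real switch output.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address        Type        Ports
----    -----------        --------    -----
  10    aa:bb:01:00:00:10  DYNAMIC     Gi1/0/1
  10    aa:bb:01:00:00:99  DYNAMIC     Gi1/0/7
  10    aa:bb:02:00:00:01  DYNAMIC     Gi1/0/7
  10    aa:bb:02:00:00:02  DYNAMIC     Gi1/0/7
  10    aa:bb:02:00:00:03  DYNAMIC     Gi1/0/48
  10    aa:bb:02:00:00:04  DYNAMIC     Gi1/0/48
"""

MAC_TABLE_LINE = re.compile(r"^\s*(\d+)\s+([0-9a-f:]{17})\s+\S+\s+(\S+)\s*$", re.I)


def parse_mac_table(text):
    """Return (vlan, mac, port) tuples; header and separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = MAC_TABLE_LINE.match(line)
        if m:
            vlan, mac, port = m.groups()
            entries.append((int(vlan), mac.lower(), port))
    return entries


def oui(mac):
    """First three octets of a colon-separated MAC, lower case."""
    return mac.lower()[:8]


def find_suspects(entries, max_macs_per_access_port=2):
    """Return (port, mac_or_None, reason) findings worth a site visit."""
    findings = []
    by_port = defaultdict(list)
    for _vlan, mac, port in entries:
        by_port[port].append(mac)
        vendor = OUI_VENDORS.get(oui(mac))
        if vendor in AP_CLASS_VENDORS and mac not in AUTHORIZED_AP_MACS:
            findings.append((port, mac, f"unauthorized AP-class device ({vendor})"))
    for port, macs in by_port.items():
        if port not in UPLINK_PORTS and len(macs) > max_macs_per_access_port:
            findings.append((port, None,
                             f"{len(macs)} MACs on one access port; possible bridging AP or hub"))
    return findings


if __name__ == "__main__":
    for port, mac, reason in find_suspects(parse_mac_table(SAMPLE_MAC_TABLE)):
        print(f"{port:10s} {mac or '-':18s} {reason}")
```

The OUI check catches only devices that keep their factory MAC, so the per-port MAC count is the more robust signal; correlating the flagged port with the wireless-side scan (the same MAC, or one adjacent to it, advertising an ESSID) is what confirms a rogue.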

  • I've discovered rogue APs on clients' internal networks when staff wanted wireless and couldn't get it due to budgeting or corporate policy.

    But plugging an AP into an internal corporate network for personal convenience does more than open a hole into a company's security (which is bad enough, and grounds for dismissal, and even legal action).

    It can also put a rogue DHCP server in play, resulting in corporate PCs and printers going unavailable as they renew leases with the AP's DHCP subnet.  Then lost production hours for the affected users, for the IT staff tracking down the rogue, for administrators and managers, for Help Desk . . .

    It's a bad thing.
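The rogue-DHCP failure the commenter describes can be caught on the wire by checking the server identifier in every DHCP reply against the list of servers that are supposed to exist. This is an added example, not from the post or the commenter: it constructs a minimal DHCP OFFER payload instead of using a capture, and the authorized server address is an assumption.

```python
"""Flag DHCP offers from servers that are not on the authorized list.

Added example, not from the post. The OFFER below is constructed by
build_offer(), not captured, and AUTHORIZED_DHCP_SERVERS is an assumption.
"""
import ipaddress

AUTHORIZED_DHCP_SERVERS = {"10.0.0.2"}   # constructed: the corporate DHCP server
MAGIC_COOKIE = b"\x63\x82\x53\x63"       # marks the start of DHCP options (RFC 2132)
OPT_SUBNET_MASK, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 1, 53, 54, 255
BOOTREPLY, DHCPOFFER = 2, 2


def build_offer(server_ip, yiaddr, subnet_mask):
    """Construct a minimal DHCP OFFER payload (BOOTP header + cookie + options)."""
    header = bytearray(236)
    header[0] = BOOTREPLY          # op
    header[1] = 1                  # htype = Ethernet
    header[2] = 6                  # hlen
    header[16:20] = ipaddress.ip_address(yiaddr).packed   # offered client address
    options = (
        bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
        + bytes([OPT_SERVER_ID, 4]) + ipaddress.ip_address(server_ip).packed
        + bytes([OPT_SUBNET_MASK, 4]) + ipaddress.ip_address(subnet_mask).packed
        + bytes([OPT_END])
    )
    return bytes(header) + MAGIC_COOKIE + options


def parse_options(payload):
    """Return {code: value} for the TLV options after the magic cookie."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def check_offer(payload):
    """Return (verdict, server_ip, offered_ip) for one DHCP payload."""
    opts = parse_options(payload)
    if payload[0] != BOOTREPLY or opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return ("not-an-offer", None, None)
    offered = str(ipaddress.IPv4Address(payload[16:20]))
    if OPT_SERVER_ID not in opts:
        return ("malformed-offer", None, offered)
    server = str(ipaddress.IPv4Address(opts[OPT_SERVER_ID]))
    if server in AUTHORIZED_DHCP_SERVERS:
        return ("authorized", server, offered)
    return ("rogue-dhcp", server, offered)


if __name__ == "__main__":
    # A consumer AP handing out its own private subnet, as in the comment above.
    print(check_offer(build_offer("192.168.0.1", "192.168.0.100", "255.255.255.0")))
    print(check_offer(build_offer("10.0.0.2", "10.0.5.20", "255.255.0.0")))
```

Run against a span-port feed, this is enough to alert the moment a rogue subnet starts leasing; switch-side DHCP snooping does the same job in hardware by dropping server replies on untrusted ports.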
