Detecting & Locating Rogue Access Points

February 25, 2021 by John Piccininni
Read in 7 Minutes

As technology evolves, so do security risks. One of the most common issues facing organizations today is the prevalence of rogue access points. Unlike physical threats, these intrusive devices can easily go unnoticed and cause serious harm to organizations. It has never been more important to understand what rogue access points are and how to protect your organization from the security threats they pose.

What is a Rogue Access Point? 

A rogue access point (AP) is a wireless access point (WAP) installed on a secure network without the authorization or knowledge of the local network system administrator. Unauthorized wireless devices may be hidden within, or attached to, a computer system, or they can be attached directly to a network port or device, such as a switch or a router.  

Rogue access points are increasingly common, but their use is not just limited to bad actors. Rogue APs can also often be created by unwitting employees. Rogue APs pose a security threat because anyone with access to the premises can install an inexpensive WAP that can potentially allow unauthorized parties to gain access to a private network. 

What security threats do Rogue APs present? 

Rogue access points are one of the most common wireless security threats. They are used in many attacks including DoS and data theft. Many are, unfortunately, unwittingly deployed by well-meaning employees.  

Rogue access points can also be utilized by neighboring companies to use your network for free access. As they are typically inexpensive and meant for consumer use, these WAPs often do not broadcast their presence over the wire and can only be detected over-the-air using radio frequency (RF) scanning. They are typically installed in default mode, so authentication and encryption are usually not enabled, which automatically creates a security hazard.  

Because wireless LAN signals can traverse building walls, an open access point connected to the corporate network provides the perfect target for malicious attackers. Any client that connects to a rogue access point must be considered a rogue client because it is bypassing the authorized security procedures put in place by the IT department. 

In simple terms, rogue access points expose a network to unauthorized connections that are difficult to detect and can have serious security ramifications for organizations.  

One of the biggest adjacent security threats is the presence of eavesdropping devices, which can be used to steal sensitive information such as passwords or personally identifiable information. Companies should be proactive in protecting information, especially when considering the cost of a privacy breach, both financially and in terms of reputation. Some key areas that should be protected in a corporate environment include campus headquarters, C-suite and executive offices, boardrooms, call centers, and data centers.  

How does rogue access point detection work? 

Rogue access point detection works through sensors and radio frequency. Wireless radios automatically scan the RF spectrum for access points transmitting on the same spectrum. The RF scans can discover third-party transmitters in addition to other radios. 

Inpixon Aware gives you both visibility into your facilities and a robust wireless intrusion detection solution in a single, live security dashboard, so you can make key decisions around security, risk mitigation and public safety at scale. You can detect rogue access points within your facility and visualize them within a single near real-time security dashboard.   

How can you protect your organization from rogue access points? 

The first step is to educate your employees. By making sure they understand the threats associated with setting up wireless access points without the awareness or authorization of the network administrator, you can prevent the occurrence of many accidental rogue access points.  

Furthermore, known employee devices can be registered and whitelisted as authorized devices in an indoor intelligence platform’s rogue sensor detection and wireless intrusion detection systems, which must become an important component of organizational BYOD policies. 

Once you have addressed concerns about accidental employee-installed rogue access points, you can use an indoor security solution like Inpixon Aware to identify and locate rogue access points. By scanning and analyzing your indoor space’s transmitting environment, Inpixon Aware enables the visualization of your RF environment in the context of an indoor map 

 

How secure are your indoor environments? Book a consultation today to find out what steps you can take to keep your organization and its data safe. 

This blog post contains forward looking statements which are subject to risks and uncertainties. Please click here to learn more.

ABOUT THE AUTHOR
An industry veteran and leader, John Piccininni is a business development and channel sales management strategist who develops long-term relationships with channel partners and users to grow brands. During the past 25 years, John has built partner networks, opened markets worth several billion dollars, and managed large-scale, complex sales for sophisticated identity-based physical security solutions that span the globe. John holds an MBA from Loyola Marymount University.