Wireless Network Administration: Rogue Access Points

One of the biggest problems that network administrators have to deal with is rogue access points. A rogue access point is an access point that suddenly appears out of nowhere on your network.

What usually happens is that an employee decides to connect a notebook computer to the network via a wireless connection. So the user stops at Computers-R-Us on the way home from work one day and buys a Fisher-Price wireless access point for $25 and plugs it into the network, without asking permission.

Now, in spite of all the elaborate security precautions you’ve taken to fence in your network, this well-meaning user has opened the barn door. It’s very unlikely that the user will enable the security features of the wireless access point; in fact, he or she probably isn’t even aware that wireless access devices have security features.

Unless you take some kind of action to find it, a rogue access point can operate undetected on your network for months or even years. You may not discover it until you report to work one day and find that your network has been trashed by an intruder who found his or her way into your network via an unprotected wireless access point that you didn’t even know existed.

Here are some steps you can take to reduce the risk of rogue access points appearing on your system:

  • Establish a policy prohibiting users from installing wireless access points on their own. Then, make sure that you inform all network users of the policy and let them know why installing an access point on their own can be such a major problem.

  • If possible, establish a program that quickly and inexpensively grants wireless access to users who want it. The reasons rogue access points show up in the first place are (1) users need it, and (2) it’s hard to get through channels. If you make it easier for users to get legitimate wireless access, you’re less likely to find wireless access points hidden behind file cabinets or in flower pots.

  • Once in a while, take a walk through the premises looking for rogue access points. Take a look at every network outlet in the building and see what’s connected to it.

  • Turn off all your wireless access points and then walk around the premises with a wireless-equipped notebook computer that has scanning software, such as NetStumbler, looking for wireless access. (Of course, just because you detect a wireless network doesn’t mean you have found a rogue access point — you may have stumbled onto a wireless network from a nearby office or home.)

  • If your network is large, consider using a software tool such as AirWave to snoop for unauthorized access points.
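
As an added example (not part of the original article), the script below triages the results of the walk-through scan described above: it keeps the strongest sighting of each access point, flags any of your own access points that were not actually turned off, and separates strong unknown signals worth a physical check from weak ones that are probably a neighbor's network. The CSV layout, the addresses, the inventory, and the -60 dBm threshold are all assumptions constructed for illustration; this is not the export format of NetStumbler or AirWave.

```python
import csv
import io

# Constructed inventory of the organisation's own access points (BSSID -> name).
AUTHORIZED = {"02:00:00:aa:00:01": "lobby-ap"}

# Assumed cut-off: an unknown AP heard at or above this level is probably
# inside the building rather than in a neighbouring office.
STRONG_DBM = -60

# Constructed survey log: one row per sighting during the walk-through.
SAMPLE_SURVEY = """location,bssid,ssid,signal_dbm,security
Lobby,02:00:00:AA:00:01,CorpWiFi,-48,WPA2
Accounting,02:00:00:BB:00:07,default,-71,open
Room 214,02:00:00:BB:00:07,default,-39,open
Lobby,02:00:00:CC:00:09,CafeNextDoor,-84,WPA2
East stairwell,02:00:00:CC:00:09,CafeNextDoor,-79,WPA2
"""


def triage(survey_csv, authorized=AUTHORIZED, strong_dbm=STRONG_DBM):
    """Return {bssid: finding}, built from the strongest sighting of each AP."""
    best = {}
    for row in csv.DictReader(io.StringIO(survey_csv.strip())):
        bssid = row["bssid"].strip().lower()
        dbm = int(row["signal_dbm"])
        if bssid not in best or dbm > best[bssid]["signal_dbm"]:
            best[bssid] = {
                "ssid": row["ssid"],
                "location": row["location"],  # where to start looking
                "signal_dbm": dbm,
                "open": row["security"].strip().lower() == "open",
            }
    for bssid, finding in best.items():
        if bssid in authorized:
            # Your own APs were meant to be off during the survey.
            finding["verdict"] = "own-ap-still-on"
        elif finding["signal_dbm"] >= strong_dbm:
            finding["verdict"] = "inspect"
        else:
            finding["verdict"] = "likely-neighbour"
    return best


if __name__ == "__main__":
    for bssid, f in sorted(triage(SAMPLE_SURVEY).items(),
                           key=lambda kv: -kv[1]["signal_dbm"]):
        print(f'{f["verdict"]:17} {bssid} {f["ssid"]!r:16} '
              f'{f["signal_dbm"]} dBm at {f["location"]} open={f["open"]}')
```

A "likely-neighbour" verdict only lowers the priority of a sighting; a weak signal can still come from a device plugged into your own wiring, so the outlet-by-outlet check still applies.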