Rogue Access Points
A rogue access point is an unauthorized point of entry into the network that is used to access the infrastructure either from within the corporate environment or from outside the firewall. The ease of access to the wireless network combined with broad availability of standardized equipment makes it very easy for an intruder to purchase necessary equipment and “plug in” to the network with virtually no resistance.
From within an organization, an employee can bring unauthorized equipment and plug into the network from a break room, an unused cubicle or any open access point. Such ports to the network are routinely built into the structure of the office complex when the offices are constructed to allow the business maximum flexibility over time. In the same way, this gives employees maximum flexibility for unauthorized access.
The solution for internal introduction of rogue access points is rigorous network topology audits to ensure that all internal nodes on the network are there by design. While external intrusion using rogue access to the network is most likely to represent criminal intent, internal access is the greater threat because it can occur inside the firewall. Internal access is likely done for benign reasons, such as a desire to use the internet for chat or other recreational activities. However, controls are necessary because an internal break-in can be carried out by someone outside the company, as long as they can reach the port access points anywhere in the WAN, or by disgruntled employees or employees with criminal intent. The good news is that rigorous implementation of and compliance with the WPA standards dramatically reduces external rogue access intrusion, if not makes it impossible. We will discuss the WPA standards later in this white paper.
Access Control Methods
In light of what we now know about rogue access to the network, access control becomes the primary defensive mechanism for reducing or eliminating unauthorized access to the network. And of the access control tools and weapons, authentication holds the highest promise as a security approach that can provide effective protection. Authentication is so effective because it can be a response to both internal and external rogue intrusion to the wireless network. Other access control methods are limited to internal attack but they still deserve to be included in the computer security plan.
Physical access control, however, cannot be overlooked. Internal rogue access of the wireless network occurs within the firewall and utilizes access points supported by the infrastructure of the company. So two primary controls should be reviewed for feasibility, and security at those points improved, to cut down or eliminate the potential of a security breach. First, securing those access points by physical restraints or other technological resources that the I.T. department can introduce will cut down on the temptation for internal users to access the network from an unused entry point.
Secondly, rigorous monitoring of network use is in order. Oftentimes software network “sniffers” or other system-level intelligence can be integrated into the wireless infrastructure, and appropriate alerts or automated responses programmed into the day-to-day operation of the network. If such precautions are utilized, security assurance in the wireless network will improve noticeably.
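The topology audit and the monitoring alerts described above can be combined into one check, shown here as an added example that is not part of the original white paper: it compares the devices seen on each switch port against the designed topology. The port names, MAC addresses and record layout are constructed assumptions, not output from a real switch.

```python
# Audit an observed switch MAC table against the designed topology.
# All ports, MACs and the record layout are constructed sample data.
from collections import defaultdict

# Designed topology: port -> lowercase MACs expected there. An empty set
# means the port is wired but meant to be unused (break room, spare cubicle).
AUTHORIZED = {
    "sw1/1": {"00:11:22:aa:00:01"},
    "sw1/2": {"00:11:22:aa:00:02"},
    "sw1/7": set(),   # break room jack
    "sw1/9": set(),   # unused cubicle
}

# Observed (port, mac) pairs, as a poll of the switch might return them.
OBSERVED = [
    ("sw1/1", "00:11:22:aa:00:01"),
    ("sw1/2", "00:11:22:aa:00:02"),
    ("sw1/2", "de:ad:be:ef:00:10"),
    ("sw1/2", "de:ad:be:ef:00:11"),
    ("sw1/7", "de:ad:be:ef:00:20"),
    ("sw2/3", "00:11:22:aa:00:09"),
]

def audit(authorized, observed, max_unknown_per_port=1):
    """Return a sorted list of (port, finding, macs) tuples."""
    seen = defaultdict(set)
    for port, mac in observed:
        seen[port].add(mac.lower())
    findings = []
    for port, macs in seen.items():
        if port not in authorized:
            findings.append((port, "port-not-in-design", sorted(macs)))
            continue
        unknown = macs - authorized[port]
        if not unknown:
            continue
        if not authorized[port]:
            kind = "device-on-unused-port"
        elif len(unknown) > max_unknown_per_port:
            # Several unknown MACs behind one port suggests a bridge or AP.
            kind = "possible-access-point"
        else:
            kind = "unknown-device"
        findings.append((port, kind, sorted(unknown)))
    return sorted(findings)

if __name__ == "__main__":
    for port, kind, macs in audit(AUTHORIZED, OBSERVED):
        print(f"ALERT {kind:22} {port} {', '.join(macs)}")
```

Each finding can feed the alerts or automated responses mentioned above, for example by opening a ticket or disabling the port until the device is identified.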