Welcome to Bucaro TecHelp!


Handling Rogue Access Points

Rogue access points have become a sort of hot-button issue. Rogue access points are any wireless access points that exist on your network without the consent of the business. Even "secure" rogue access points that are connected to your network can pose a security risk. Preventing rogue access points can be a little tricky, although not impossible. Not only is it critical for us to find and remove rogue access points from your network, but it can actually be pretty fun!

We discussed in previous chapters the many different types of devices that could be used to create rogue wireless networks, as well as the potential for these devices to be deliberately placed on your network. Remember that regardless of the intent, a rogue access point does pose security risks.


Into Action

Rogue wireless networks have received so much attention that some compliance standards require businesses to specifically address them. For example, the Payment Card Industry (PCI) Data Security Standard, which is the security standard that companies that process credit card information must comply with, has the following requirement:

PCI-DSS 2.0: Test for the presence of wireless access points and detect unauthorized wireless access points on a quarterly basis.

Whether or not your organization has to comply with PCI, this is still a great process to adopt.


Preventing Rogue Wireless Networks

There are actually very reliable ways to prevent rogue wireless networks from working on your network. You should note that I didn't say "prevent them from being plugged into your network." There's really no way to truly prevent rogue wireless devices from being plugged into your network. The best you can do is educate your users on the dangers of plugging rogue devices into your network and back up the policy with administrative discipline if users don't comply. As far as preventing outsiders from placing rogue devices on your network for malicious purposes, you have to rely on your physical security to do this. In addition, you should educate your users to notify the IT department if they notice anything plugged into a network jack that doesn't look like it belongs there.

Therefore, if you can't rely on preventing the devices from being plugged into your network, you should focus on preventing them from functioning properly once they are plugged in. Here are your best solutions for preventing them from operating:

802.1x (Port-Based Access Control)
Network Access Control
Port Security

802.1x Port-Based Access Control

Yes, good old 802.1x. You should be very familiar with it at this point. Remember that 802.1x does not allow a device to communicate past the authenticator (in this case, a network switch) until after the device has authenticated. For a more in-depth refresher of 802.1x, you should revisit Chapter 9. In this case, the network switch would play a role similar to that of an access point configured for WPA2-Enterprise, and would be considered our 802.1x authenticator.

Just as with 802.1x for wireless networks, we have the flexibility to authenticate against a variety of backend systems. In Figure 11-1, you can see we're authenticating to a RADIUS server, which authenticates the user against Active Directory. The same restrictions we covered in previous chapters can be configured here: restrictions based on user, group, or even time of day to grant or deny access to the network.

If you configure your switches to require 802.1x authentication, how will this prevent an unauthorized wireless network from operating on your network? The first and most important point is that an attacker should not have valid credentials for your network. Even if an attacker plugs a device with an 802.1x supplicant (client software) into your network, he won't be able to authenticate, and therefore the port will be useless to the attacker.

Most access points today don't have 802.1x supplicant software, so that prevents most devices from being able to even operate on your network. This would also prevent most regular inside users who try to plug a regular access point into the network because it would simply not work.

There is one situation that 802.1x would not help to prevent. If an insider (most likely with malicious intent) were to use a device such as a laptop to act as an access point, the user would authenticate to the switch using her credentials and then configure the wireless card on the laptop to provide wireless services to other users (see Figure 11-2). In this scenario, 802.1x alone would have no way of preventing this action. You should note, however, that this is an extreme scenario, and if you have an inside user capable of doing this, you probably have a bigger issue on your hands.

Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268