Protect Yourself Against Rogue Wireless Access Points update from November 2005

"It gives access to the company network, and that can be a problem," Daley says. "But they're not usually as big a problem as they used to be. In the early days of wireless networking, they used to be much more common, but with the wide adoption of wireless, users are less motivated [to use] these kinds of unauthorized APs."

The other kind of rogue is the decoy or "evil twin" AP. Some digital miscreant sets up an AP of his own with a service set identifier that makes it look like it's a company access point. This certainly is malicious and though it doesn't give access to your network, it can give someone else access to your company secrets. Users confident that they're logging into the company site could unwittingly give away everything from passwords to corporate information.

The way you find rogue APs of either variety is to sniff them out. This can be a process as simple as popping open your laptop and seeing if something is suspicious in the available networks dialog box or investing in overlay systems to continually sniff the air for rogue SSIDs.

"The good news is that legitimate enterprise APs now have a built-in feature to intermittently sniff the air for rogues, so you don't necessarily need overlay equipment," Daley says. "That's pretty good for 90% of rogue situations. Most organizations are pretty good about sniffing the air and comparing MAC addresses with a database of authorized APs."

On the other hand, it wasn't always that way. Though self-sniffing APs are now the rule rather than the exception, there's a possibility that any company that invested in wireless networking back in the old says of even a couple of years ago can't count on that kind of protection."The fat APs that were first rolled out in organizations didn't have that feature," Daley says "But they didn't provide much centralized control, and that market has begun to move to a more centralized model of wireless LAN suites."

The problem is that the replacement cycles are just starting now, so it's entirely possible that an organization in the first wave of wireless adoption isn't equipped to detect rogue APs. If the upgrade is still a while off, it might be wise to invest in sniffers. Above all, with wired and wireless networks becoming increasingly integrated, it makes a lot of sense to deploy intrusion protection systems (IPSes) to protect the whole network.

"Make sure that you consider wireless to be an integral part of your network and address security accordingly," Daley says. "I don't expect wireless to replace the wired network, but I do expect it to coexist, especially with VoWLAN (voice over wireless LAN). That means that you have to treat the network as a whole."

Even though it is often an afterthought to an organically grown wireless network, Daley says that a wireless policy is absolutely critical. "You have to define what your wireless policy is," she says. "Some companies simply say 'we don't allow wireless,' but that isn't a policy. It inadvertently allows wireless and invites users to set up rogue APs. You have to be realistic."

Finally, organizations need to have a strategy for merging their wired and wireless networking policies. "This is really important," Daley says. "Because the networks will merge. You need to know how you are going to handle them in the future."0