Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Network Performance Monitor (NPM) > What are rogue Access Points (AP)

What are rogue Access Points (AP)

Table of contents

Updated May 10, 2017

Overview

This article provides information on rogue Access Points (AP). 

 

Environment

Orion Platform version 2012.0

Detail

A rogue AP is a wireless access point that has gained access to a secure enterprise network without an explicit authorization from the network administration team. These unauthorized rogue access points open wireless backdoors to wired networks.

The following are classifications of APs:

  • Unauthorized APs - Introduced by employees within the organization but without any detrimental intent.
  • Insecure APs - Bypass network security owing to airspace proximity.  For example, a WiFi device brought by an employee.
  • Malicious APs -  Actual rogue APs that pose a security threat. Malicious APs are characterized by the following:
    • Skyjacking attack. Vulnerabilities within device access points could be used by remote attackers to convert an authorized AP into rouge by taking full control over it.
    • Planting a malicious rogue AP within the office space disguised as a trusted AP.
    • Rogue APs can also trick MAC addresses used by legitimate APs or try to mimic your own WLAN's SSID

 

While all of these malicious and non-malicious APs need to be monitored, it is the responsibility of the network administrator to ensure the malicious ones are contained and eliminated.

For more information, see the following THWACK discussion:

MONITORING ROGUE ACCESS POINTS IN YOUR WLAN

 

 

 

 

 

 

Last modified
23:44, 28 May 2017

Tags

Classifications

Public