One of the primary ways we’ve been handling rogues is in direct violation of the FCC regulations in the United States, and I’m told similarly illegal in other countries. Let’s be honest, you’re all too pretty for prison. So then, here’s how to handle rogues without getting arrested or paying fines.
For the purposes of this post, we’re going to define a rogue access point (AP) as this.
A Rogue AP is an AP that is connected to the organization’s network, but is not authorized to do so.
Rogue APs are not your neighbor’s APs nor personal hotspots running on a mobile phone over cellular. While they’re rarely malicious, rogue APs introduce a suite of problems — it’s a huge security risk, and rogue APs will negatively impact the other (authorized) Wi-Fi in your environment.
Click the video at the top banner or bottom to watch the LinkedIn live on this topic.
The risks of rogue APs include:
- Exposing the internal secured network(s) to unauthorized users or devices
- Creating visibility gaps by bypassing enterprise Wi-Fi
- Impacting availability of the enterprise Wi-Fi by using airtime
- Increasing the chance of users/endpoints connecting to malicious APs
Rogue APs can be mitigated in one of three ways:
- Over-the-air mitigation (NOT recommended)
- Wired port mitigation
- Physical removal (best option)
Working in reverse order to get to the meat first — the BEST option is to physically locate and remove the unauthorized AP, and then have a serious conversation with whomever put it there. As always, your organization’s acceptable use policy for technology should address the use of bringing unauthorized and personal devices into the network, such as plugging in a rogue AP.
If you can’t physically locate the AP, start by finding it on the wired network and disabling the port it’s connected to. There are times when rogue APs may be hidden from view and you simply can’t find it without tearing through an office space and leaving it looking like a crime scene. In other cases, you may be managing remote sites and your manager hasn’t given you unlimited budget to hop around to remote sites for rogue hunting.
Lastly, rogue APs can be mitigated over-the-air, but this is not recommended and in fact is technically in violation of the FCC.
If you’re interested in more juicy details about the FCC ruling, how Marriott got slapped with a $600,000 fine, and more how-to details for preventing, finding and removing rogue APs, visit my other post on this topic of “How to Handle Rogue APs without getting arrested.”
As with all things in security, prevention is the best policy. Here are a few strategies to prevent rogue APs:
- Educate users on the risks of rogue APs
- Listen to users and address their needs so they don’t need to supplement the enterprise Wi-Fi
- Implement port level security through NAC or a similar tool and/or have unauthorized ports serve a black hole or Internet-only network
- Always have a method to monitor and alert on rogue APs, both on the wired network and over-the-air
- Ensure there’s a written policy strictly prohibiting rogue APs and enforceable actions for violations
Definitely check out my weekly LinkedIn live sessions for Security Uncorked and more Wi-Fi topics. I cover the topic of Rogue APs here- Wi-Fi Weekly: Rogue APs, Wi-Fi Design, and More (video).
Add comment