Rogue AP

What is a Rogue Access Point

A rogue access point is an AP that is connected to a company’s physical network infrastructure but is not under that company’s administrative control. This could arise if an employee or student naively brought in a home WiFi-enabled router and connected it to the company’s infrastructure to provide wireless network access. This act introduces multiple threat vectors to the company, such as:

1. Insecure wireless authentication – the rogue AP might only support a deprecated and insecure encryption standard, such as WEP. Or even worse, be purposefully configured with open association and authentication.

2. Inappropriate attachment – the user could also physically attach the AP to a network port in a secure area of the network, or in an area without appropriate firewalling between it and sensitive information.

3. Inappropriate location – the AP could be placed close to the perimeter of a building, meaning that someone could listen in on the company’s network.

It’s clear that rogue access points are something we need to protect our business-critical WLAN and networks.