The most common Wi-Fi threats to your wireless network include:
WatchGuard Wi-Fi Cloud WIPS can detect and prevent these types of wireless threats:
Over-the-Wire Threats
Over-the-Air Threats
One of the most common wireless security threats is the rogue access point; it is used in many attacks, both DoS and data theft. Many other rogue access points, however, are deployed by employees wanting unfettered wireless access; these access points are called soft access points. Other rogues are located in neighboring companies using your network for free access. Typically low-cost and consumer-grade, these access points often do not broadcast their presence over the wire and can only be detected over-the-air. Because they are typically installed in their default mode, authentication and encryption are not enabled, thereby creating a security hazard. Because wireless LAN signals can traverse building walls, an open access point connected to the corporate network is the perfect target for war driving. Any client that connects to a rogue access point must be considered a rogue client because it is bypassing the authorized security procedures put in place by the IT department.

What is a Rogue Access Point?

A rogue access point is a device not sanctioned by an administrator, but is operating on the network anyway. This could be an access point set up by either an employee or by an intruder. The access point could also belong to a nearby company. These are some reasons to suspect that an access point is a rogue:

How Are Rogue Access Points and Rogue Clients Identified By Controllers?

Wireless radios automatically scan the RF spectrum for other access points transmitting in the same spectrum. The RF scans discover third-party transmitters in addition to other Juniper radios. Controllers consider all non-Juniper transmitters to be suspects (potential rogues) by default. If the device is a Juniper device, but the MAC address is not in the appropriate database, a series of rules determine whether that device is a rogue. Once an access point is declared a rogue, it is reported by MSS:

How Are Rogue Access Points and Rogue Clients Classified as Rogue?

Controllers use a set of rules, illustrated in Figure 1, in order to classify unknown access points as either members, neighbors, suspects, or rogues.

Figure 1: How Scanned Information is Used to Classify Access Points

The definition of each classification (member, neighbor, suspect, or rogue) is listed in Table 1.

Table 1: Classifications Define a Rogue

You Can Change Some Rogue Classification Rules

Classification rules are either built-in or selected by you from a set of pre-defined rules. Built-in rules are constant and cannot be changed. User rules are the rules that let you configure certain classification behaviors. Notice that the first classification rule eliminates access points in the rogue list and cannot be altered. Two configurable rules default to rogue classification and you can set a third to classify the default condition as rogue.

What Harm Can a Rogue Access Point Do?

Rogue access points and their clients undermine the security of an enterprise network by potentially allowing unchallenged access to the network by any wireless user or client in the physical vicinity. Rogue access points can also interfere with the operation of your enterprise network. Rogue access points can do the following damage:

What Can I Do To Prevent Rogue Access Points?

There are a number of actions you can take that make it more difficult for a rogue to penetrate your network. See Table 2 for details.

Table 2: Preventing Rogue Access Points

How Do I Prevent a Benign Access Point From Being Classified as a Rogue?

Access points belonging to your mobility domain are never classified as rogues. Presence of third-party access points on a permitted SSID list or OUI list does not guarantee that the device will not be classified as a rogue for other reasons. The only way to be sure a non-mobility domain device is not classified as a rogue is to add the device or vendor to the neighbor list. Neighbors are devices known to be part of a neighboring network and non-threatening. Vendors can also be added to the neighbor list, so that all of the devices from that vendor become neighbors.

What is a rogue access point attack?

A rogue access point, or rogue AP, is a wireless access point plugged into an organization's network that the security team does not know exists. While rogue access points can be used as part of a coordinated attack, employees unaware of proper cybersecurity protocol often install them.

How do rogue access points connect to a network?

A rogue access point could be a small wireless access point plugged into an existing firewall or switch, or into an unused wall network connector (like at a personal desk), etc. It could be a mobile device attached to a USB that creates a wireless access point, or even a wireless card plugged into a server.

Which type of attack is one in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit?

Evil twin attack – This attack is one in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit.

What type of attack is done when the attacker tries to create rogue access points so as to gain access to the network or steal information?

An evil twin attack is a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user's knowledge. An attacker can easily create an evil twin with a smartphone or other internet-capable device and some easily available software.
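
A simplified model of the classification flow described above (rogue list first, mobility domain members never rogue, neighbor list by device or vendor, default suspect), extended with a check for the evil twin pattern. This is an added example, not the vendor's rule set or code from the original page. The rule order after the rogue list, the SSID masquerade rule, the policy keys, and every MAC address and SSID are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ScannedAP:
    bssid: str       # transmitter MAC address seen in the RF scan
    ssid: str        # network name the transmitter advertises
    encrypted: bool  # False means an open network

def norm(mac):
    """Normalize a MAC address to lower-case, colon-separated form."""
    return mac.lower().replace("-", ":")

def classify(ap, policy):
    """Return (classification, reasons) for one scanned access point."""
    mac = norm(ap.bssid)
    if mac in policy["rogue_list"]:      # the page's first, fixed rule
        return "rogue", ["on rogue list"]
    if mac in policy["members"]:         # own mobility domain: never rogue
        return "member", []
    if mac in policy["neighbor_macs"] or mac[:8] in policy["neighbor_ouis"]:
        return "neighbor", ["device or vendor on neighbor list"]
    # Assumed rule: a non-member advertising a corporate SSID (evil twin pattern).
    masquerade = ap.ssid in policy["corporate_ssids"]
    reasons = ["corporate SSID from non-member radio"] if masquerade else []
    if not ap.encrypted:
        reasons.append("no encryption")
    verdict = "rogue" if masquerade or policy["default_is_rogue"] else "suspect"
    return verdict, reasons or ["unknown transmitter"]

# Constructed policy and scan results (locally administered MAC addresses).
POLICY = {
    "rogue_list": {"02:00:00:aa:bb:cc"},
    "members": {"02:00:00:00:00:01"},
    "neighbor_macs": set(),
    "neighbor_ouis": {"02:11:22"},
    "corporate_ssids": {"corp-wlan"},
    "default_is_rogue": False,   # the configurable default-condition rule
}
SCAN = [
    ScannedAP("02:00:00:00:00:01", "corp-wlan", True),
    ScannedAP("02:00:00:AA:BB:CC", "guest", True),
    ScannedAP("02-11-22-00-00-09", "cafe-next-door", False),
    ScannedAP("02:33:44:00:00:05", "corp-wlan", False),
    ScannedAP("02:55:66:00:00:07", "printer-setup", True),
]

if __name__ == "__main__":
    for ap in SCAN:
        print(norm(ap.bssid), ap.ssid, *classify(ap, POLICY))
```

Setting `default_is_rogue` to `True` turns every unknown transmitter into a rogue, so the neighbor list has to be complete before enabling it.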