Now we have our rogue access point. Now, a rogue access point is essentially a wild access point that just appears in our network that is intended for people to connect to it. Now, why would someone want to come into our network and set up their own wireless access point? Aren't they just giving us another wireless access point free? Well,
that's not the intention. What they're doing is they're setting up a wireless access point
with the hope that people will connect to it, and that wireless access point has been configured to monitor and sniff the traffic that's going through it. So we have our business set up, and say we have a couple wireless access points and someone comes into our network and they just plug in a wireless access point into our wall,
and they configure it maliciously and set it up in the middle of the office.
Well, for a couple of our users, that wireless access point might have a stronger signal than the wireless access point in our network room. So what's going to happen is users are going to say, "Oh, I can connect to this wireless access point and have a faster connection. There's a stronger signal." So they connect to that wireless access point and all of their traffic will be sniffed.
All of the packets that they're sending will be looked at. There might even be some certificate forging or some man-in-the-middle attacks going on,
and what they're doing on the Internet and what they're doing on the network can be tracked with that rogue wireless access point. This is also a very, very strong, or very bad, problem with going into a public location and connecting to a free, open public wireless access point. Because for all you know,
that person could just be sitting closer to you
than the actual store's wireless access point. And they're just hopping off the store's wireless access point and you're connecting to them and they're sniffing all of your traffic. So you have to be aware and be conscious that these rogue access points do exist, and not every access point that you can connect to is good.
Whenever you're connecting to a device and you're sending traffic through that device,
that device can see all of the things that you're doing on the network and can potentially try to view that information, steal your credentials, steal your credit card information if you're going through the Internet and making purchases,
steal other information that you're putting in on the Internet, that sensitive information, or could even try to launch attacks against your computer because you're now connected to their network.
Now, a rogue access point may not always be intentionally malicious. We may not always have someone setting up a rogue access point with the intention of capturing our data. Maybe there's someone in our office. We're utilizing 802.1X and RADIUS, and we have a company policy that you are not allowed
to connect your personal devices to the company network. So you're not allowed to connect your phone or connect your personal laptop to our work network. Because of our security posture, we can't secure your home. We can't secure your personal laptop. We can't secure your phone,
so we're not gonna allow them on our network because we don't know the potential threat that they may bring into our network.
Well, someone decides that they're gonna hold a conference and they have salespeople coming in from other companies, and they want all of these people to be able to use their devices on our wireless network. But they were denied. They were told that no, we can't ensure the security of our network. We're not going to allow them on our network. So they just go down to Best Buy, they buy a wireless access point,
and they say, "Well, I'll just plug it into this port in the wall that gets Internet."
And maybe they plug it into that port in the wall that gets Internet, and it begins trying to negotiate and trying to connect to the Internet. And maybe it does successfully connect to the Internet. And then once it does, we're gonna have a major problem because that wireless access point is not secured by us, but it is a gateway into our network.
So maybe someone else who is
around the office maliciously sees that new wireless access point. They're able to connect to that one because the person who set it up was not part of our IT team. They weren't able to set it up securely, and now they can hop into that rogue access point that our employee set up and they're into our network.
Rogue access points can also produce a lot of problems in our network
if they're doing things such as DHCP. If we have a rogue access point on our network which is handing out IP addresses, then we're gonna have major conflicts on our network. People who are closer to that rogue access point than to our DHCP servers may start getting false DHCP addresses and may not be able to access network resources.
And then what we have to do is we have to go in, we have to track down that rogue access point, we have to track down that rogue device and remove it from our network. That's another reason, and that's another strong proponent, for having our port security. Having port security and having 802.1X on all of our switches
helps prevent that rogue access point from being able to connect through our network to the Internet to begin with.
We still do need to watch out for them, because they still could sit there and try to hand out DHCP addresses and hand out different configuration information that completely messes up some of the devices that are already on our network. So we need to be careful. We need to watch out for those rogue access points. And we need to make it very clear
in our acceptable use policy for our network
that people are not allowed to bring in and set up their own wireless access points in our network.
So you may hear of something called an evil twin when we're talking about our wireless security.
An evil twin is essentially a rogue access point with the same SSID as a legitimate access point. Now, this is something that is very obviously malicious. Someone is coming into our environment. They're setting up a rogue access point
and they set it up with the same SSID so that it looks like it is a legitimate access point.
So now other users on our network will begin trying to connect to it. The extremely bad thing about an evil twin rogue access point is that, because it has the same SSID as a legitimate access point, users may begin entering in the pre-shared key for our actual wireless access point.
Someone can take a rogue access point,
set it up with the same SSID and configure it so that it requests a key, and then it proceeds to log all of the keys that are entered into it. So if you come into work one day, pull up your work laptop and then say, "Oh,
they set up a new wireless access point. It has the same SSID. It has a stronger signal. Let me connect to this one." It pops up and asks for the key. And so you reach in your locked drawer and you pull out your sticky note that you wrote your pre-shared key on, which you shouldn't have been doing, and you proceed to enter that pre-shared key into the wireless access point
and it doesn't let you connect.
It doesn't let you connect, and you say there's something wrong with this. And maybe third time's the charm, and it lets you connect. Or it's configured, for the third attempted access, to let the person connect, and it's now logged your three attempts at entering in the key, as well as the three or four other people that have attempted to enter the key.
And now whoever set up that evil twin
has the legitimate pre-shared key to our actual wireless access point. Or they could be having credentials passed to them from our computer, trying to pass that evil twin access point credentials to connect into our network. So we need to be on the lookout for these rogue access points and these evil twins
and the ways that we can mitigate some of these.
If they are intentionally malicious and we're not gonna be able to mitigate people unintentionally setting them up in our environment with an acceptable use policy, then we need to mitigate these by scanning for unauthorized wireless access points.
Now, when we're scanning for unauthorized wireless access points, what we're doing is we are using software that allows us to see what wireless access points are sending out signals in the air. By doing this and keeping an eye on this, it gives us a better idea, and it allows us to
more successfully track down
and eliminate these rogue wireless access points. A lot of this software we can set up and configure so that it can actually help us track down the physical location of these devices as well.
What we may also be interested in is something called a WIPS, which stands for a wireless intrusion prevention system. Wireless intrusion prevention systems are devices on our network whose job is to sit out on our network
and listen for devices. When we set up our wireless intrusion prevention system,
we configure them with the devices that are on our network that are legitimate, and as soon as they see an illegitimate device come on our network, it attempts to turn it off, it attempts to send deauthentication packets, or it may set up an alert to us to let us know that there's an unauthorized device on our network.
But we actually have an active device.
We have our IDS and our IPS. We have our intrusion prevention system that tracks and listens for intrusions on our network, through malware or through people trying to port scan or connect into our network.
A wireless intrusion prevention system, a WIPS,
does that for rogue access points. So if we are that concerned about rogue access points or evil twins, or we're having that big of a problem in our environment, and just manually scanning for unauthorized wireless access points isn't cutting it, then a wireless intrusion prevention system may be our next step.
So our last tip and our last mitigation strategy is also don't connect to devices that you don't recognize and don't just,
for no reason, connect to open wireless access points if you're out and about. If you're at work and you see an open wireless access point, or you're at an airport or at a hotel and you say, "Oh, look, there's an open wireless access point, has a really strong signal. Let me connect to it and do my banking," you might want to reevaluate what you're doing there.
If it's an open wireless access point or if it's a wireless access point that you don't recognize,
it could very easily be compromised. It very easily could be a malicious wireless access point. Even if it is a hotel's wireless access point or an airport's wireless access point, you don't know what their security posture is. You don't know how well they locked down their devices and how well they keep malicious intruders out of their network.
So you need to be very careful
when you're connecting over wireless access points that you don't recognize, wireless access points that you don't manage or that are not in your work environment, because you can't inherently trust them. You don't have a level of trust with them equal to that of your own environment.
So when you're connecting to these public wireless access points
or these non-extremely-high-security wireless access points, you may want to do things such as connecting to a VPN, a virtual private network, so that all of your data is tunnelled and encrypted, so that even if there is someone on that network trying to sniff for data, your data is tunnelled and encrypted, so it's a little bit more protected.
Make sure that we know our different wireless intrusions and wireless threats that are out there on our networks: everything from war driving, war chalking, WEP and WPA cracking, to our rogue access points and our evil twins. Make sure that you know some of the signs for them, watch out for them,
and then perform our mitigation strategies and keep our wireless access points and our wireless network secure,
because they are another gateway into our network and they're just as important as locking down our ports and locking down our physical switches.
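
The scanning for unauthorized access points described above, and the way a WIPS is configured with the list of legitimate devices, can be sketched as a comparison of observed beacons against an inventory. This is an added example, not part of the original lecture; the SSIDs, BSSIDs, the -60 dBm threshold and the scan data are all constructed, and a real tool would feed in live scan output instead.

```python
"""Classify a wireless scan against an inventory of authorized access points."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str        # MAC address of the radio sending the beacon
    channel: int
    security: str
    signal_dbm: int

# Hypothetical inventory: BSSID -> (SSID, security) the IT team actually deployed.
AUTHORIZED = {
    "02:00:00:aa:00:01": ("CorpNet", "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("CorpNet", "WPA2-Enterprise"),
}
OUR_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
STRONG_DBM = -60  # assumed threshold: stronger than this is likely inside the office

def classify(b: Beacon) -> str:
    known = AUTHORIZED.get(b.bssid.lower())
    if known:
        # A known BSSID advertising a different SSID or security setting has
        # been reconfigured or is being spoofed.
        return "authorized" if known == (b.ssid, b.security) else "evil-twin-suspect"
    if b.ssid in OUR_SSIDS:
        return "evil-twin-suspect"    # our SSID from a radio we never deployed
    if b.signal_dbm >= STRONG_DBM:
        return "unauthorized-nearby"  # unknown AP close by, e.g. employee-installed
    return "neighbor"                 # weak and unrelated: probably next door

def findings(scan):
    """Return (verdict, beacon) pairs needing follow-up, strongest signal first."""
    flagged = [(classify(b), b) for b in scan]
    flagged = [f for f in flagged if f[0] in ("evil-twin-suspect", "unauthorized-nearby")]
    return sorted(flagged, key=lambda f: f[1].signal_dbm, reverse=True)

# Constructed sample scan (locally administered MAC addresses).
SCAN = [
    Beacon("CorpNet", "02:00:00:aa:00:01", 1, "WPA2-Enterprise", -48),
    Beacon("CorpNet", "02:00:00:bb:00:09", 6, "WPA2-PSK", -41),
    Beacon("CorpNet", "02:00:00:AA:00:02", 11, "Open", -55),
    Beacon("SalesConference", "02:00:00:cc:00:03", 6, "WPA2-PSK", -52),
    Beacon("CoffeeShopGuest", "02:00:00:dd:00:04", 1, "Open", -82),
]

if __name__ == "__main__":
    for verdict, b in findings(SCAN):
        print(f"{verdict:20} {b.ssid:16} {b.bssid} ch{b.channel} {b.signal_dbm} dBm")
```

A scan from the air cannot tell whether an unknown access point is plugged into the wired network, so an "unauthorized-nearby" result still has to be traced to a switch port.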