01 July 2008

Handling Rogue Access Points

Michael Gregg of Search Networking wrote an article about the best methods for handling rogue access points.

He first wrote about the potential problems of allowing end users to add wireless devices to the company network without approval.
There are several potential problems with allowing end users to add wireless or other devices to the company network without approval. One big one is they may not employ the proper security measures. There is also the issue of maintaining control of the organization's infrastructure.
Then he gave some suggestions for handling those rogue access points.
All employees should know the rules regarding wireless and what can and cannot be plugged into the network. Policy enforcement will be easier if you have managed switches. You can disable unused ports and start restricting down active ones by MAC address filtering.
OK! Warning your employees and having some written policies is fine, but it's not enough at all. How are you going to be sure that your employees will adhere to such a policy?

Now, with respect to disabling and enabling ports on demand and writing MAC filters: come on, we are in the twenty-first century now. Manual controls such as enabling and disabling ports on demand are something from the past, and they are not effective either. An employee can simply connect the access point to his already activated port. And maintaining those MAC filters on the switches will be a real pain in the butt for the IT administrators, especially in a dynamic environment where users move a lot.

I believe an appropriate solution, instead of those prehistoric ones, is doing some authentication on your switch ports. IEEE 802.1X is a decent solution that will ensure that only those devices with valid credentials are given access to your network. And if you've got a NAC solution, then most probably you can use it to apply some network access control.

He finally suggested using tools to detect rogue access points, such as AirMagnet and AirDefense.
Next, find some tools that will let you scan for rogue access points. There are commercial tools that will do this such as AirMagnet and AirDefense, and if your budget is tight you might want to try an open source tool such as RogueScanner.
Fine, monitoring your network is a good practice, but you have to apply your controls first. Such scanning tools can hardly take action against those rogue access points; they will just warn you, and the intruders will have enough time to traverse your network until you receive such an event and take action.
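
An added example, not part of the original post or the cited article: one check for an access point plugged into an already active port, done by comparing the MAC addresses a switch has learned per port against an inventory. The table layout, port names, addresses and the `EXPECTED` and `UPLINKS` inventory are constructed assumptions.

```python
import re
from collections import defaultdict
# Constructed sample in the style of a switch MAC address table dump
# (VLAN, MAC, type, port); all addresses are made-up, locally administered.
SAMPLE_TABLE = """\
  10    0200.0000.0101    DYNAMIC     Gi1/0/1
  10    0200.0000.0102    DYNAMIC     Gi1/0/2
  10    0266.0000.0001    DYNAMIC     Gi1/0/2
  10    0266.0000.0002    DYNAMIC     Gi1/0/2
  10    0200.0000.0399    DYNAMIC     Gi1/0/3
  20    0200.0000.4801    DYNAMIC     Gi1/0/48
  20    0200.0000.4802    DYNAMIC     Gi1/0/48
"""
# Hypothetical inventory: the single MAC expected on each user-facing port.
EXPECTED = {"Gi1/0/1": "0200.0000.0101", "Gi1/0/2": "0200.0000.0102",
            "Gi1/0/3": "0200.0000.0103"}
UPLINKS = {"Gi1/0/48"}  # uplink ports legitimately carry many MACs

ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse_table(text):
    """Return {port: set of MACs learned on it}; non-matching lines are skipped."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ports[m.group(4)].add(m.group(2).lower())
    return ports

def audit(text, expected, uplinks):
    """Return {port: [findings]} for access ports that deviate from inventory."""
    findings = {}
    for port, macs in sorted(parse_table(text).items()):
        if port in uplinks:
            continue
        issues = []
        if len(macs) > 1:  # several stations behind one user port
            issues.append(f"{len(macs)} MACs on one access port")
        unknown = sorted(macs - {expected.get(port)})
        if unknown:
            issues.append("unexpected MAC(s): " + ", ".join(unknown))
        if issues:
            findings[port] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit(SAMPLE_TABLE, EXPECTED, UPLINKS).items():
        print(port, "->", "; ".join(issues))
```

The audit only reports deviations; keeping the device off the network still needs a port-level control such as 802.1X.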