Chapter 15 Rogue AP Detection
The friendly AP list displays details of all the access points in your area that you know are not a threat. If you have more than one AP in your network, you need to configure this list to include your other APs. If your wireless network overlaps with that of a neighbor (for example) you should also add these APs to the list, as they do not compromise your own network’s security. If you do not add them to the friendly AP list, these access points will appear in the Rogue AP list each time the NWA scans.
“Honeypot” AttackRogue APs need not be connected to the legitimate network to pose a severe security threat. In the following example, an attacker (X) is stationed in a vehicle outside a company building, using a rogue access point equipped with a powerful antenna. By mimicking a legitimate (company network) AP, the attacker tries to capture usernames, passwords, and other sensitive information from unsuspecting clients (A and B) who attempt to connect. This is known as a “honeypot” attack.
Figure 107 “Honeypot” Attack
If a rogue AP in this scenario has sufficient power and is broadcasting the correct SSID (Service Set IDentifier) clients have no way of knowing that they are not associating with a legitimate company AP. The attacker can forward network traffic from associated clients to a legitimate AP, creating the impression of normal service. This is a variety of
| 189 |
|
|