(1) A wireless access point (AP) installed by an employee without the consent of the IT department. Without the proper security configuration, such users expose their company's network to the outside world. Ethernet jacks are ubiquitous, and it is a simple task to plug in a Wi-Fi (802.11) access point in order to provide wireless connectivity to anyone in the vicinity. For example, marketing might want wireless access for their traveling sales reps who always bring laptops. Consumer-oriented access points often do not have management interfaces and do not identify themselves on the network.
Rogue access points can be detected by performing a walking audit around the facility with sniffer software in a laptop or mobile device. More reliable approaches are to install probes that constantly monitor the wireless network looking for changes or install server software that monitors both wired and wireless sides of the network. See also rogue site.
(2) An access point (AP) set up by an attacker outside a facility with a wireless network. Also called an "evil twin," the rogue AP picks up beacons (signals that advertise its presence) from the company's legitimate AP and transmits identical beacons, which some client machines inside the building associate with. As long as wireless security is enabled, this type of attack cannot compromise the user's machines. However, it can cause harm by slowing down the connections or causing users to lose connections with the real network.
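The monitoring approach described above, as an added example that is not part of the original entry: beacons seen by a probe are compared against an inventory of sanctioned APs and against MAC addresses learned on the wired side, covering both senses (1) and (2). The inventory, scan records, field names, verdict labels and the MAC-adjacency heuristic are all assumptions made for illustration, and the inventory is assumed to pin each AP to a fixed channel.

```python
# Constructed data; MACs come from the RFC 7042 documentation range.
AUTHORIZED = {  # sanctioned AP inventory: BSSID -> (SSID, channel)
    "00:00:5e:00:53:10": ("CorpNet", 1),
    "00:00:5e:00:53:20": ("CorpNet", 6),
}
WIRED_MACS = {"00:00:5e:00:53:0f", "00:00:5e:00:53:a0"}  # learned on switch ports

SCAN = [  # beacons reported by a probe (constructed)
    {"bssid": "00:00:5e:00:53:10", "ssid": "CorpNet", "channel": 1},
    {"bssid": "00:00:5e:00:53:c7", "ssid": "CorpNet", "channel": 11},
    {"bssid": "00:00:5e:00:53:20", "ssid": "CorpNet", "channel": 11},
    {"bssid": "00:00:5E:00:53:A1", "ssid": "HomeWiFi", "channel": 6},
    {"bssid": "00:00:5e:00:53:f0", "ssid": "CoffeeShop", "channel": 3},
]

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def on_wire(bssid, wired_macs, window=2):
    """Assumed heuristic: an AP's radio MAC usually sits within a few
    addresses of its Ethernet MAC, so a near match ties it to a switch port."""
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(m)) <= window for m in wired_macs)

def classify(beacon, authorized=AUTHORIZED, wired_macs=WIRED_MACS):
    bssid = beacon["bssid"].lower()
    observed = (beacon["ssid"], beacon["channel"])
    if bssid in authorized:
        # Sense (2) with a cloned BSSID: identity matches, radio settings do not.
        return "authorized" if observed == authorized[bssid] else "identity-mismatch"
    if beacon["ssid"] in {ssid for ssid, _ in authorized.values()}:
        return "evil-twin"       # sense (2): company SSID from an unknown AP
    if on_wire(bssid, wired_macs):
        return "rogue-on-wire"   # sense (1): unknown AP bridged to company Ethernet
    return "neighbor"            # unrelated network in radio range

def audit(scan):
    """Return (bssid, ssid, verdict) for every beacon that needs investigation."""
    findings = []
    for beacon in scan:
        verdict = classify(beacon)
        if verdict not in ("authorized", "neighbor"):
            findings.append((beacon["bssid"].lower(), beacon["ssid"], verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SCAN):
        print(finding)
```

Checking the inventory before the SSID matters because an attacker who copies the legitimate beacons exactly also copies the BSSID, so only a mismatch in an attribute such as the channel separates the copy from the real AP.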
Wireless Intrusion Detection
The BlueSecure RF sensor was designed to detect rogue access points and peer-to-peer (ad hoc) clients as soon as they appear on the network. Used with BlueSecure software, the system scans for a variety of suspicious activities such as war driving attacks. (Image courtesy of Bluesocket Inc.)