Wednesday, March 2, 2011

Prowling the Network for a Rogue Wireless Access Point

Prowling the Network for a Rogue Wireless Access Point
By way of review, a wireless access point (WAP) is a device that allows wired communication devices to connect to a wireless network using Wi-Fi or Bluetooth. The WAP usually connects to a router and can relay data between wireless devices, such as computers or printers and wired devices on the network. Prior to wireless networks, setting up a computer network required running tons of cables through walls and ceilings in order to deliver access to all the devices in the building. With a WAP, network users can add devices that access the network with fewer cables.

Wireless access is convenient and increases flexibility but at the same time security becomes a larger issue. Wired networks usually base the security on physical access control, but if wireless access points are connected to the network, anyone close by could connect. In fact, major data thefts have been initiated by attackers who have gained wireless access to organizations by connecting wirelessly to access points inside the organization.

Most often, the hardest part is convincing IT that there is an actual wireless network security breach. Fortunately, solutions like Wildpackets OmniPeek Network Analyzer make looking for wireless signals easy.

When I suspected a breach on a customer's network, I immediately turned to OmniPeek and produced a quick demo. My first step was to check the peer map for unencrypted connctions (see illustration below).

The IT guy said that there was no problem. After I reviewed the header of an email that he had just sent, I asked him if he was sure. There was an address on this plot, which was really close to the IP address of his mail server. After a bit of head scratching, he agreed.
Looking closer at the suspect IP address, it indicated that it was coming from a D-Link wireless router. But the company didn't have any of those, so they assumed it "wasn't a problem". After offering a further explanation of rogue access points, they began to slowly agree.
In the end, OmniPeek convinced the IT department that there was a problem to be investigated - an unauthorized access point on a critical server. With tools like OmniPeek, it's easy to prowl through complex networks and identify security issues, but a well-rounded explanation of the problem is truly the key to keeping networks healthy.

No comments:

Post a Comment