Wednesday, September 22, 2010

Wireless security - Detecting rogue access points

According to Deraison & Gula (2009), detecting wireless access points is a major source of activity for many enterprise security groups, and they suggest manual inspection and dedicated system audits as two methods that can be used for this task.

Manual audits
Conducting a system audit with a wireless-enabled notebook computer or a PDA while walking around the network premises will help locate any connected access points that are transmitting wireless signals. This requires physical access to all locations of the network. RF scanning systems make it much easier to pinpoint the access point locations.


Dedicated auditing can use some of the techniques below.
Centralized monitoring
There are solutions that use the company network's authorized access points to report any other wireless signals they detect to a centralized console. Jim Geier (2003) identifies AirWave as an example. Examining this data helps identify any unauthorized connections from a central point, and this method suits any large network.

Port scanning
Employing software tools to do a TCP port scan of the company network lists all devices with port 80 enabled. Port 80 is associated with HTTP network traffic, and Geier (2003) points out that this technique will detect web servers, printers and nearly all access points. This method also suits large networks.

Nessus vulnerability scanner is an example of software that performs port scanning.

Once the access points are identified, further checks will be required to determine if the access point is really a rogue access point.

Check if default SSID is used
Check if SSID is set to broadcast
Check if default administrator account is accessible using default password
Check if MAC address filtering is used
Vendor name, device type, model
Security configuration
Check if encryption is used

According to Peláez (2004), items in the above list that are left at default values, or that have no value set, are indicators that the access point is a rogue one.
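
The checklist above can be turned into a simple triage script. The following is an added example, not part of the original post: the record fields, the short list of factory SSIDs, the threshold of two indicators and the sample findings are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative factory SSIDs (assumption, not exhaustive).
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}

@dataclass
class AccessPoint:
    """Audit findings for one AP; None means the value was not set or not recorded."""
    bssid: str
    ssid: Optional[str]
    ssid_broadcast: Optional[bool]
    default_admin_login: Optional[bool]  # default account/password accepted
    mac_filtering: Optional[bool]
    encryption: Optional[str]            # e.g. "WPA2", "WEP", "none"
    vendor: Optional[str]

def rogue_indicators(ap: AccessPoint) -> list[str]:
    """Checklist items that are at a default value or have no value set."""
    hits = []
    if not ap.ssid or ap.ssid.strip().lower() in DEFAULT_SSIDS:
        hits.append("default or missing SSID")
    if ap.ssid_broadcast is not False:
        hits.append("SSID broadcast on or not recorded")
    if ap.default_admin_login:
        hits.append("default admin credentials accepted")
    if not ap.mac_filtering:
        hits.append("MAC filtering off or not recorded")
    if not ap.encryption or ap.encryption.lower() in {"none", "open"}:
        hits.append("no encryption")
    if not ap.vendor:
        hits.append("vendor/model not recorded")
    return hits

def triage(aps, threshold=2):
    """APs with at least `threshold` indicators, most suspicious first."""
    scored = [(ap.bssid, rogue_indicators(ap)) for ap in aps]
    flagged = [s for s in scored if len(s[1]) >= threshold]
    return sorted(flagged, key=lambda s: len(s[1]), reverse=True)

# Constructed sample findings (BSSIDs use the documentation MAC range).
SAMPLE = [
    AccessPoint("00:00:5E:00:53:02", "corp-wlan-3f", False, False, True, "WPA2", "ExampleVendor"),
    AccessPoint("00:00:5E:00:53:03", "guest", True, False, None, "WPA2", "ExampleVendor"),
    AccessPoint("00:00:5E:00:53:01", "linksys", True, True, False, "none", None),
]

if __name__ == "__main__":
    for bssid, hits in triage(SAMPLE):
        print(f"{bssid}: {len(hits)} indicator(s): {', '.join(hits)}")
```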

References

Deraison, R, Gula, R, 2009, Using nessus to detect wireless access points,
http://www.nessus.org/whitepapers/wap-id-nessus.pdf

Geier, J, 2003, Identifying rogue access points,
http://www.wi-fiplanet.com/tutorials/article.php/1564431/Identifying-Rogue-Access-Points.htm


Peláez, R, 2004, Auditing 802.11 wireless networks focusing on the Linksys BEFW11S4 Access Point, An auditors perspective,
http://it-audit.sans.org/community/papers/auditing-80211-wireless-networks-focusing-linksys-befw11s4-access-point_121

Pacchiano, R, 2006, How to Track Down Rogue Wireless Access Points,
http://www.smallbusinesscomputing.com/webmaster/article.php/3590656/How-to-Track-Down-Rogue-Wireless-Access-Points.htm
