Rogue Access Points

Rogue access points are a significant problem. They fall into three classes, depending on who introduces them to the environment.

The first class of rogue access points are those that are introduced into the office environment by employees who are trying to “improve” the network without bothering the IT group. The employees may need extra WiFi capacity for testing or development purposes, or they may be trying to get a stronger wireless signal in remote parts of the building. In either case, the access points are typically not under the oversight of the network or security teams, so important security configurations (encryption, authentication, segmentation) may be missing.

The second class of rogue access points are those that are owned by neighboring businesses located close enough that their signal reaches into your office space. This unintentional overlap of WiFi signals can cause network bridging when one or more of your corporate devices connects to both your network and the foreign network at the same time; the bridging device then becomes an unsecured entry point into your network.

Finally, the third class of rogue access points are those that are introduced into your environment deliberately, for malicious purposes. The “pineapple” is the most famous type of malicious access point. Pineapples are more powerful than typical access points: they use multiple radios and can interface with hundreds of devices at a time rather than just a few dozen. Moreover, the Pineapple’s web interface is optimized for executing complicated network attacks, such as man-in-the-middle (MITM) attacks.

For effective IoT security, it’s important to operate from a perspective of zero trust. Assume that any and all devices and activity are potentially malicious, and monitor your airspace to detect and identify any compromise or suspicious activity.
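The following is an added example, not code from the original article, showing how the three classes above can be separated during airspace monitoring. It compares beacon records from a wireless scan against an inventory of access points that IT actually operates, and separately flags hosts that are associated with a corporate network and a foreign SSID at the same time (the bridging case of the second class). The SSIDs, BSSIDs, hostnames and the −60 dBm "inside the building" threshold are all constructed assumptions; a real deployment would feed it data from a WIDS sensor or controller export and tune the threshold to the site.

```python
"""Classify scanned Wi-Fi beacons against an inventory of authorized access points.

Hypothetical detection logic written for this page; all identifiers below are
constructed sample data, not values from any real network.
"""
from dataclasses import dataclass

CORPORATE_SSIDS = {"corp-wifi", "corp-guest"}  # constructed: SSIDs IT operates
AUTHORIZED_BSSIDS = {                            # constructed: radios IT operates
    "aa:bb:cc:00:00:01": "corp-wifi",
    "aa:bb:cc:00:00:02": "corp-guest",
}
CORPORATE_NETWORKS = CORPORATE_SSIDS | {"wired-lan"}
# Assumption: a beacon stronger than this is coming from a radio physically
# inside the office rather than from a neighboring building.
STRONG_SIGNAL_DBM = -60


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    rssi_dbm: int


def classify(beacon: Beacon) -> str:
    """Map one beacon to an inventory category."""
    bssid = beacon.bssid.lower()
    if bssid in AUTHORIZED_BSSIDS:
        # Known radio: also confirm it advertises the SSID assigned to it.
        if AUTHORIZED_BSSIDS[bssid] == beacon.ssid:
            return "authorized"
        return "misconfigured-authorized-ap"
    if beacon.ssid in CORPORATE_SSIDS:
        # Corporate SSID from a radio IT does not own: evil twin (third class).
        return "evil-twin"
    if beacon.rssi_dbm >= STRONG_SIGNAL_DBM:
        # Unknown SSID heard loudly: an AP inside the building that IT did not
        # deploy (first class, or an attacker's device).
        return "unauthorized-internal"
    # Weak, unknown SSID: most likely a neighboring business (second class).
    return "neighbor"


def triage(beacons):
    """Group BSSIDs (lower-cased) by category for a scan."""
    report = {}
    for b in beacons:
        report.setdefault(classify(b), []).append(b.bssid.lower())
    return report


def bridging_hosts(associations):
    """Return hosts connected to a corporate network and a foreign SSID at once.

    associations: iterable of (hostname, network) pairs, where network is a
    wireless SSID or the literal "wired-lan" reported by an endpoint agent.
    """
    seen = {}
    for host, network in associations:
        seen.setdefault(host, set()).add(network)
    return sorted(
        host for host, nets in seen.items()
        if nets & CORPORATE_NETWORKS and nets - CORPORATE_NETWORKS
    )


SAMPLE_SCAN = [  # constructed scan results
    Beacon("corp-wifi", "AA:BB:CC:00:00:01", 36, -45),
    Beacon("corp-guest", "aa:bb:cc:00:00:02", 1, -50),
    Beacon("corp-wifi", "de:ad:be:ef:00:01", 6, -40),     # corporate SSID, unknown radio
    Beacon("dev-lab-ap", "11:22:33:44:55:66", 11, -52),   # employee-installed AP
    Beacon("NextDoorCo", "77:88:99:aa:bb:cc", 1, -78),    # neighboring business
]

SAMPLE_ASSOCIATIONS = [  # constructed endpoint-agent records
    ("laptop-07", "wired-lan"),
    ("laptop-07", "NextDoorCo"),
    ("laptop-12", "corp-wifi"),
]

if __name__ == "__main__":
    for category, bssids in triage(SAMPLE_SCAN).items():
        print(f"{category}: {', '.join(bssids)}")
    print("bridging hosts:", bridging_hosts(SAMPLE_ASSOCIATIONS))
```

The signal-strength cut is deliberately crude: it only separates "probably inside" from "probably next door", so anything in `unauthorized-internal` still needs a walk with a directional antenna to locate and an owner to identify. The BSSID allowlist is the part that matters most, since an evil twin is invisible to any check that looks at SSIDs alone.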