by Marvin Chartoff

Face-off: Rogue wireless LANs can be eliminated

Jan 12, 2004 | 3 mins
Cellular Networks, Fraud, Network Security

Marvin Chartoff of Unisys argues that IT departments can control and eliminate unauthorized wireless networks.

Rogue access points are among the greatest security threats in corporate America. Network technology has become so inexpensive and easy to set up that many office workers have configured wireless LANs themselves. They typically set up an access point in a conference room or other common area and plug it into the enterprise network. Most of them are not thinking about security, which usually is turned off by default. Many IT departments that haven’t been thinking about a wireless strategy are not monitoring the network perimeter for rogue access points.

How do you deter rogue access points? While the starting point should be a strong policy against them, including penalties for noncompliance, most companies don’t follow through on compliance. Having a corporate strategy and architecture established for the use of wireless technology also can help. Some business departments might be willing to fund an early deployment of your vision if you demonstrate the benefits they will achieve.

However, the best solution involves network perimeter security. There is no silver bullet, but there are a few techniques that can reduce the risk that rogue access points go undiscovered. Combined with a sufficient level of security on destination servers and applications, these techniques can close security holes opened by rogue access points.

A combination of wireless and wireline intrusion-detection tools can capture telltale signs of a rogue access point. If you have standardized on your desktop and laptop network interface card (NIC) vendors, the media access control (MAC) address of the access point typically will have a different vendor code than that of your official devices. The source MAC address of a packet from an end user also will be different than the address of the access point connected to the network. If you do an SNMP discovery or similar interrogation process, you might uncover an unidentified device that would merit further investigation. If your facility is small enough, you could use a radio frequency monitoring device from a vendor such as AirMagnet, and walk around with it to see if you pick up a signal from an access point. You also could use a laptop with a WLAN NIC and a standard WLAN client management utility. More sophisticated WLAN troubleshooting tools, such as AirDefense’s RogueWatch, can provide ongoing monitoring and collect additional information for pinpointing a rogue access point’s location.
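The two wireline checks described above (a vendor code outside the standardized NIC vendors, and end-user source MACs appearing behind the same port as another device) can be run over a switch's MAC address table. The following is an added example, not code from the article or from any vendor it names. The OUI allowlist, port names and MAC entries are constructed, and the one-device-per-access-port rule is an assumption that IP phones or sanctioned hubs would also trip.

```python
from collections import defaultdict

# Assumed allowlist: OUIs (first three octets) of the NIC vendors the
# organization has standardized on. Constructed values, not real assignments.
APPROVED_OUIS = {"02:AA:01", "02:AA:02"}

# Constructed sample of a switch MAC address table: (access port, source MAC).
MAC_TABLE = [
    ("Gi1/0/1", "02:aa:01:10:20:30"),
    ("Gi1/0/2", "02-AA-02-44-55-66"),
    ("Gi1/0/7", "02:bb:09:00:00:01"),   # vendor code not on the allowlist
    ("Gi1/0/7", "02:aa:01:77:88:99"),   # approved laptop seen behind same port
    ("Gi1/0/9", "02aa.01ab.cdef"),      # dotted notation, approved vendor
]

def normalize_mac(mac):
    """Return the MAC as upper-case colon-separated octets, or raise ValueError."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_suspect_ports(mac_table, approved_ouis):
    """Map each suspicious port to the list of reasons it was flagged."""
    macs_by_port = defaultdict(set)
    for port, mac in mac_table:
        macs_by_port[port].add(normalize_mac(mac))
    findings = {}
    for port, macs in sorted(macs_by_port.items()):
        reasons = []
        # Check 1: vendor code (OUI) differs from the standardized NIC vendors.
        unknown = sorted(m for m in macs if m[:8] not in approved_ouis)
        if unknown:
            reasons.append("unapproved vendor code: " + ", ".join(unknown))
        # Check 2 (assumption): an access port should show one device only;
        # extra source MACs suggest clients bridged through something else.
        if len(macs) > 1:
            reasons.append(f"{len(macs)} source MACs on one access port")
        if reasons:
            findings[port] = reasons
    return findings

if __name__ == "__main__":
    for port, reasons in find_suspect_ports(MAC_TABLE, APPROVED_OUIS).items():
        print(port, "->", "; ".join(reasons))
```

A flagged port is a lead for the follow-up investigation the paragraph describes, not proof of a rogue access point.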

Uncovering a rogue access point should be sufficient deterrence to employees who thought they could hide behind the anonymity of the network port in the wall. If you have a corporate-sanctioned wireless network, no doubt they would gladly use it.

IT departments had gained control of their environment since the last rogue device, the PC, was introduced over 20 years ago. Rogue WLANs are threatening to destabilize the environment again. With a sound plan for utilizing wireless technology and improvements in network management processes and tools for perimeter security, risks can be greatly reduced and employees will be back under IT’s control.

Chartoff is CTO of Global Infrastructure Services at Unisys. He can be reached at