Asked: What is the best IT Security measure to Protect against Rogue Wireless APs on a Corporate Network?

I'm a Sr. Enterprise IT Security Analyst new to a large corporation, where I've been tasked to fix our broken Wireless Rogue AP process, and this is not my area of expertise. I'll give you some background on the current situation.

Currently they are using a Cisco Wireless Control System to manage their wireless network. Until I speak with network sustaining ops I'm not sure how the tool is used, but what I do know is the tool is set up to detect wireless APs at a certain decibel threshold, which generates an alarm in our Putty database, which then kicks off a ticket in our service desk, and our techs go out with a software tool trying to find the AP.

We've done some talking and came up with a few ideas:
1. Increase the AP range by putting another WAP in place to triangulate the signal, and raise the threshold to avoid false positives.
2. Add on Cisco software that allows you to blacklist and whitelist APs, with the downside being you can cause a DoS on someone you are denying, which can cause repercussions for us.
3. Looking at a product called WatchGuard.

I want to minimize the number of tickets and the time our techs are out looking for rogue APs, as most of them are cell phones or non-threatening, but we still need to keep an eye out, as someone could hook up a MiFi and try to connect.

I need a solid solution with a low risk rating from people with experience with this issue, please. We are a large corporation with offices all around the world.

Thank you for your time.


Another thing you should probably do is grab the MAC address of the AP in question. Then look up the vendor. That will tell you right away if you're dealing with a phone. May save you some time.
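The vendor lookup suggested in the answer above, as an added example that is not part of the original post: it classifies alarm BSSIDs by OUI prefix and separates out addresses that have no registered vendor at all. The OUI table, vendor names, category labels and sample BSSIDs are constructed placeholders; a real deployment would load the IEEE OUI registry instead.

```python
import re
from collections import defaultdict

# Constructed sample table: prefixes and vendor names are placeholders, not
# real IEEE assignments. In practice, load the IEEE OUI registry export.
SAMPLE_OUI = {
    "001122": ("ExampleHandsetCo", "phone"),
    "04AABB": ("ExampleHotspotCo", "mobile-hotspot"),
    "08CCDD": ("ExampleNetworksInc", "access-point"),
}

def normalize(mac):
    """Return 12 uppercase hex digits from aa:bb.., aa-bb.. or aabb.ccdd.eeff."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.upper()

def triage(bssid, oui_table=SAMPLE_OUI):
    """Classify one BSSID as (category, detail). The vendor is a hint only:
    a MAC address can be set to any value by the device owner."""
    digits = normalize(bssid)
    first_octet = int(digits[:2], 16)
    if first_octet & 0x01:
        return ("invalid", "multicast bit set, not a usable BSSID")
    if first_octet & 0x02:
        # Locally administered: no registered vendor, so lookup cannot help.
        return ("unknown", "locally administered address")
    entry = oui_table.get(digits[:6])
    if entry is None:
        return ("unknown", "OUI not in table")
    vendor, category = entry
    return (category, vendor)

def group_alarms(bssids, oui_table=SAMPLE_OUI):
    """Group alarm BSSIDs by category so unknowns can be reviewed first."""
    groups = defaultdict(list)
    for bssid in bssids:
        category, _ = triage(bssid, oui_table)
        groups[category].append(normalize(bssid))
    return dict(groups)

if __name__ == "__main__":
    # Constructed alarm BSSIDs, in the formats different tools print them.
    sample = ["00:11:22:33:44:55", "04-aa-bb-01-02-03", "0211.2233.4455",
              "08:cc:dd:00:00:01", "00:de:ad:be:ef:00"]
    for category, macs in group_alarms(sample).items():
        print(category, macs)
```
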

I would say just create a whitelist of devices that are allowed and have the network reject other devices, as well as setting it to the lowest radio output to help reduce the chances of a man-in-the-middle attack. Now, this is not foolproof, as if your users have their devices set to auto-connect to the network, then anyone can perform a man-in-the-middle attack and fool both the client and server without either party knowing what is going on.
You can contact me via email.
