An example of simple rogue AP detection, courtesy of Cisco, where you’d see a list of other APs in the area. Credit: Cisco
For even more detection capabilities, some AP vendors offer a full-fledged wireless intrusion detection system (WIDS) or intrusion protection system (WIPS) that can sense a range of wireless attacks and suspicious activity along with rogue APs. These include erroneous de-authentication requests, mis-association requests, and MAC address spoofing.
Furthermore, if it’s a true WIPS offering protection rather than a WIDS offering just detection, it should be able to take automatic countermeasures, such as disassociating or blocking a suspect wireless client to protect the network under attack.
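The kind of checks a WIDS sensor applies can be sketched in a few lines. The following is an added example, not Cisco's or any vendor's code: it classifies observed beacons against an inventory of sanctioned APs and flags sources that send bursts of de-authentication frames. The inventory, thresholds, function names and sample observations are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory of sanctioned APs: BSSID -> SSID (assumed values).
AUTHORIZED = {"aa:bb:cc:00:00:01": "CorpNet", "aa:bb:cc:00:00:02": "CorpNet"}
DEAUTH_LIMIT = 5      # assumed threshold: deauth frames per source per window
WINDOW_SECONDS = 10   # assumed sliding-window length

def classify_ap(bssid, ssid):
    """Label one observed beacon against the authorized inventory."""
    bssid = bssid.lower()
    if bssid in AUTHORIZED:
        # A known radio advertising an unexpected SSID deserves a closer look.
        return "authorized" if AUTHORIZED[bssid] == ssid else "ssid-mismatch"
    if ssid in AUTHORIZED.values():
        return "rogue-same-ssid"  # unknown radio advertising a sanctioned SSID
    return "neighbor"             # unrelated AP in the area

def deauth_bursts(frames):
    """frames: iterable of (timestamp_seconds, source_mac) for deauth frames.
    Returns sources with more than DEAUTH_LIMIT frames in any window."""
    by_src = defaultdict(list)
    for ts, src in frames:
        by_src[src.lower()].append(ts)
    flagged = set()
    for src, stamps in by_src.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > WINDOW_SECONDS:
                start += 1  # slide the window forward
            if end - start + 1 > DEAUTH_LIMIT:
                flagged.add(src)
                break
    return flagged

# Constructed sample observations, as a sensor might report them.
BEACONS = [
    ("AA:BB:CC:00:00:01", "CorpNet"),
    ("de:ad:be:ef:00:09", "CorpNet"),
    ("11:22:33:44:55:66", "CoffeeShop"),
]
DEAUTHS = [(t * 0.5, "de:ad:be:ef:00:09") for t in range(12)]
DEAUTHS += [(3.0, "aa:bb:cc:00:00:01"), (40.0, "aa:bb:cc:00:00:01")]

def run():
    return [classify_ap(b, s) for b, s in BEACONS], deauth_bursts(DEAUTHS)

if __name__ == "__main__":
    print(run())
```

A production WIDS correlates far more signals (channel, signal strength, wired-side presence) before it raises an alert or triggers a countermeasure.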
If your AP vendor doesn’t provide built-in rogue AP detection or WIPS capabilities, consider a third-party solution. You might look at sensor-based solutions that can monitor both Wi-Fi performance and security issues, from companies like 7SIGNAL, Cape Networks, and NetBeez.