A common problem with WLAN or wired LAN implementations is that users
can easily add their own APs to the network. This creates a large security
risk, because anyone can connect to these APs and they are usually not configured
securely. In the past, rogue APs were usually discovered by a network or security
administrator roaming through the building using a utility such as NetStumbler
to identify any unexpected APs. With the Cisco wireless-aware LAN framework,
rogue APs can be automatically detected, located, and disabled with minimal
intervention from the network administrator.
The Cisco wireless-aware framework makes finding these rogue APs easy because
of its new RF scanning and monitoring features. With the wireless-aware framework,
scanning is performed by authorized APs on the WLAN as well as by client
wireless adapters. This is a break from traditional manual scanning and
goes well beyond automated scanning, as it includes data from the
client wireless adapters as well as the authorized APs. Because of this feature, a much
wider physical range is covered in the scanning, so the chances of finding rogue APs
in “dead zones” are greatly improved.
All of the information coming in from the client wireless adapters and
the WLAN’s authorized APs is compiled by WDS and is accessible through the
WLSE. This gives a single point of reference for keeping track of all of the
WLAN data, including any identified rogue APs. Figure 1.15 shows the Cisco
WLSE Location Manager displaying an identified rogue AP.
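The merge-and-compare step described above, sketched as an added example (not Cisco's WDS or WLSE code and not from the original text): scan reports from authorized APs and client adapters are pooled and checked against an inventory of authorized BSSIDs. All device names, BSSIDs and signal values are constructed, and the report format is an assumption.

```python
from collections import defaultdict

# Constructed inventory of authorized AP radios (BSSIDs); values are hypothetical.
AUTHORIZED = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}

# Constructed scan reports: (reporter, reporter_kind, heard_bssid, rssi_dbm).
REPORTS = [
    ("ap-1", "ap", "00:11:22:AA:00:02", -60),
    ("ap-2", "ap", "00:11:22:aa:00:01", -62),
    ("ap-2", "ap", "de:ad:be:ef:00:10", -80),
    ("laptop-7", "client", "de:ad:be:ef:00:10", -48),
    ("laptop-9", "client", "de:ad:be:ef:00:20", -55),  # dead zone: no AP hears it
    ("laptop-9", "client", "00:11:22:aa:00:01", -70),
]


def find_rogues(reports, authorized, kinds=("ap", "client")):
    """Pool scan reports and return unauthorized BSSIDs with who heard them."""
    allowed = {b.lower() for b in authorized}
    seen = defaultdict(list)
    for reporter, kind, bssid, rssi in reports:
        bssid = bssid.lower()  # normalize case before comparing to the inventory
        if kind in kinds and bssid not in allowed:
            seen[bssid].append((rssi, reporter, kind))
    rogues = {}
    for bssid, hits in seen.items():
        hits.sort(reverse=True)  # strongest signal first
        rogues[bssid] = {
            "reporters": [r for _, r, _ in hits],
            "nearest": hits[0][1],  # strongest reporter as a coarse location hint
            "client_only": all(k == "client" for _, _, k in hits),
        }
    return rogues


if __name__ == "__main__":
    for bssid, info in sorted(find_rogues(REPORTS, AUTHORIZED).items()):
        print(bssid, info)
```

Restricting `kinds` to `("ap",)` drops the second rogue entirely, which is the "dead zone" case that client-side reports are meant to cover.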