|
Rogue AP Detection and Locatio
Dec 10,2006 00:00
by
admin
A common problem with WLAN or wired LAN implementations is that users can easily add their own APs to the network. Obviously, this creates a large security risk as anyone can connect to these APs and they are usually not configured securely. In the past, rogue APs were usually discovered by a network or security administrator roaming through the building using a utility such as NetStumbler to identify any unexpected APs.With the Cisco wireless-aware LAN framework, rogue APs can be automatically detected, located, and disabled with minimal intervention of the network administrator. The Cisco wireless-aware framework makes finding these rogue APs easy due to its new RF scanning and monitoring features.With the wireless-aware framework, scanning is performed by authorized APs on the WLAN as well as client wireless adapters.This is a break from traditional manual scanning and actually goes far above and beyond automated scanning as it includes data input from the client wireless adapters as well as authorized APs. Because of this feature, a much wider physical range is covered in the scanning, so chances of finding rogue APs in “dead zones” is greatly improved. All of the information coming in from the client wireless adapters as well as the WLAN’s authorized APs is compiled by WDS and accessible through the WLSE.This gives a single point of reference for keeping track of all of the WLAN data including any identified rogue APs. Figure 1.15 shows the Cisco WLSE Location Manager displaying an identified rogue AP. |