Security of Wireless Access Points

Wireless access points, or just access points (APs), are networking hardware devices that allow users access to a network. These devices are normally small and easy to install. Wireless access points fall into one of two categories: authorized and rogue. Also, each access point is configued to be either secure or open to users. 

Authorized Access Points

Authorized APs have been granted permission to be on the network by the network administrator. A network administrator should know every access point connected to the network. It is essential to be able to physically locate the access points. 

Authorized access points should have MAC addresses that are recognized by the organization's Address Resolution Protocol (ARP) tables. Authorized access points should be protected through security controls such as encryption algorithms (e.g., AES, RSA, EC, DH) and hash algorithms (e.g., SHA-1, SHA-2, MD5), authentication (e.g., WPA, WPA2, 802.1X), WLAN security policy enforcement, and frequent software patches.

Rogue Access Points

If there is an access point on the network that the network administrator did not authorize, then it is a rogue access point. Rogue access points, whether set up by malicious actors to lure potential victims or innocently by workers within an organization, present a security threat. Rogue access points are a common source of attack. Organizations need to ensure that they routinely search for and identify rogue access points and either authorize and secure them or remove them.

In some cases, access points are set up directly between two client devices. These ad hoc access points are rogue by default since they provide a vulnerable means for compromise because they are not directly managed by the organization's security team. 

Technology to assist organizations in determining authorized access points and squelching unauthorized access points is readily available.

Most often, rogue access points can be identified by cross-referencing the service set identifier (SSID) against a preconfigured list of approved access points. This is because rogue access points frequently broadcast SSIDs that are not approved by the organization. An SSID is a one- to 32-character alphanumeric string used to identify a wireless network. It is also referred to as the network name. SSIDs are continually broadcast by access points several times a second.

Rogue access points are vulnerable to certain attacks such as Address Resolution Protocol (ARP) poisoning, denial-of-service attacks, sniffing attacks to identify further vulnerabilities, and man-in-the-middle attacks. In some cases, spoofing legitimate access point SSIDs while providing a different log-in page can compromise sensitive user information. This type of attack is known as an "evil twin" attack (Saruhan, 2007). 

Although there are options available, such as SSID hiding to disable the broadcast feature, many cybersecurity experts disagree on whether the practice is more secure; nonetheless, it can assist with finding rogue networks. Hiding SSIDs is inconvenient for users, though. User computers and devices can continuously ping to find the router. This makes these routers more vulnerable against sniffing attacks.

For organizations to be better protected against rogue access points, organizations need to ensure they establish strict policies and classification rules to help identify rogue APs. Additionally, these lists require constant monitoring and updating so organizations become more efficient in identifying and remediating rogue AP issues (Juniper, 2015). With consistent detailed policy, vigilance, and efficient investigation, organizations can be better protected from rogue access points and the vulnerabilities they create.

Open Access Points

Open wireless access (or simply open access) is an access point that is insecure with no protection or access control implementation—there are no authentication and authorization mechanisms, or other security controls. For example, an authorized user might create an open access point by connecting a wireless station to an Ethernet connection and provide wireless access for other devices and users. However, if the network administrators are unaware of this new wireless station, it would be a rogue access point.

Unfortunately, this type of AP is so vulnerable to attacks that it presents potential for abuse by hackers for malicious or illegal intent. Open networks should be used with caution and should not be used for vital tasks like transferring sensitive information because other users can observe or sniff network traffic using tools such as Wireshark. On the other hand, they are convenient and free networks that can be used for minimal tasks like surfing the internet.

References

Saruhan, I. H. (2007, August). Detecting and preventing rogue devices on the network. SANS Institute. https://www.sans.org/reading-room/whitepapers/detection/paper/1866

Juniper Networks. (2015). Understanding rogue access points. http://www.juniper.net/documentation/en_US/junos-space-apps/network-director2.0/topics/concept/wireless-rogue-ap.html

Network Computing (n.d.). Protect yourself against rogue wireless access points. http://www.networkcomputing.com/networking/protect-yourself-against-rogue-wireless-access-points/768376782