What is a Rogue AP

  • Wireless Access Points
    • Either dedicated hardware or computers configured to broadcast wireless LANs; especially when computers act as base stations, the AP should be registered with the network administrator
    • Each AP has an SSID (Secure Server Identification) - not necessarily unique
    • Used in infrastructure mode - each computer connects to the AP, rather than each other (ad-hoc mode)
    • Transmit beacons to show computers where they are and the signal strength
    • For a closed (secured) network, a computer must mutually exchange authentication management frames with the AP in order to associate with the network.
  • Wireless Security - how to keep information safe when using a wireless network
    • WEP (Wireless Equivalent Privacy)
      • Uses a 40-bit encryption key
      • Key easily broken
      • System known not to be secure - updated to WPA
      • Other weaknesses include packet collisions and packet alteration despite the encryption
    • WPA (Wi-Fi Protected Access) - also WPA2
      • Uses 128-bit key and 48-bit initialization vector
      • Uses TKIP (temporary key integrity protocol) - re-encrypts existing WEP encryption with new key and initialization vector that is unique for every packet
    • Rogue APs are typically open and use neither of these security methods, unlike your own AP
    • Rogue Access Point
      • Essentially a fake access point set up without the authorization of a network administrator, using an unsecured wireless network
      • Not necessarily used as trojan APs, but still dangerous because information is unsecured
      • Users do not need to authenticate in order to connect to the network
      • Trojan APs reroute an existing signal through another computer and collect all IP traffic that runs through the network, such as passwords and other personal information
      • Called 'soft' APs when configured on a computer, rather than hardware form
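As an added example (not part of the original notes), a defender-side check in the spirit of the points above: observed beacons are compared against the administrator's inventory of registered APs, and a known SSID broadcast from an unregistered BSSID, or without the expected security, is flagged. The inventory, beacon records and BSSIDs are constructed for the example.

```python
from dataclasses import dataclass

# Constructed inventory: SSID -> BSSIDs the administrator has registered and the security they must use.
AUTHORIZED = {
    "CorpNet": {"bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"}, "security": "WPA2"},
}

@dataclass
class Beacon:
    ssid: str
    bssid: str
    security: str   # "OPEN", "WEP", "WPA" or "WPA2"
    rssi: int       # signal strength in dBm (higher is closer)

# Constructed sample of beacons as a wireless scanner might report them.
SAMPLE_BEACONS = [
    Beacon("CorpNet", "00:11:22:33:44:01", "WPA2", -50),
    Beacon("CorpNet", "de:ad:be:ef:00:01", "OPEN", -40),    # known SSID, unregistered BSSID, open
    Beacon("CorpNet", "00:11:22:33:44:02", "WEP", -55),     # registered BSSID, downgraded security
    Beacon("Free_WiFi", "de:ad:be:ef:00:02", "OPEN", -45),  # open AP with an unknown SSID
    Beacon("GuestNet", "aa:bb:cc:dd:ee:ff", "WPA2", -70),   # unknown but secured, e.g. a neighbour
]

def classify(beacon: Beacon) -> str:
    """Verdict for one beacon, judged against the registered-AP inventory."""
    entry = AUTHORIZED.get(beacon.ssid)
    if entry is None:
        # Unknown SSID: an open network is the rogue-AP pattern; a secured one is merely unknown.
        return "rogue-open" if beacon.security == "OPEN" else "unknown"
    if beacon.bssid not in entry["bssids"]:
        return "rogue-evil-twin"        # our SSID from hardware we never registered
    if beacon.security != entry["security"]:
        return "misconfigured"          # our hardware, but not the security policy we expect
    return "authorized"

def find_rogues(beacons):
    """(bssid, ssid, verdict) for every non-authorized beacon, strongest signal first."""
    suspects = [(b.bssid, b.ssid, classify(b), b.rssi) for b in beacons if classify(b) != "authorized"]
    suspects.sort(key=lambda s: s[3], reverse=True)
    return [(bssid, ssid, verdict) for bssid, ssid, verdict, _ in suspects]

if __name__ == "__main__":
    for bssid, ssid, verdict in find_rogues(SAMPLE_BEACONS):
        print(f"{bssid}  {ssid:10s}  {verdict}")
```

Sorting by signal strength puts the closest suspects first, which is where a physical walk-through to locate the device would start.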

Uses of Rogue AP

    • Data Leakage
      • Data Sniffing of a user's sensitive data such as IP addresses, host names, and passwords.
    • Free Internet Access
      • Allows free Wi-Fi for anyone in the vicinity of the rogue AP. This can let strangers use your internet connection for criminal purposes.
    • Denial of Service Attack (DoS)
      • Makes a network unavailable to its intended users through attacks such as IP spoofing, where an attacker sends packets with forged IP addresses that eventually flood the victim with overwhelming amounts of traffic.