

Don’t leave WIPS to the will of the force…

Introduction

This is the second in a series of blog posts that focus on wireless security and technology at Cisco Meraki.

Wireless LANs are widely critical to the way companies work and are used to transact sensitive data (e.g.

A Wireless Intrusion Prevention System (WIPS), such as Cisco Meraki Air Marshal, gives companies the ability to ensure they are protected against threats to these WLANs. This blog post shows how Air Marshal protects against one such threat, namely a rogue access point.

What is a Rogue Access Point?

A rogue access point is an AP that is connected to a company’s physical network infrastructure but is not under that company’s administrative control. This could arise if an employee or student naively brought in a home WiFi-enabled router and connected it to the company’s infrastructure to provide wireless network access. This act introduces multiple threat vectors to the company, such as:

Insecure wireless standards – the rogue AP might only support a deprecated and insecure encryption standard, such as WEP. Or even worse, be purposefully configured with open association and authentication.

Inappropriate attachment – the user could also physically attach the AP to a network port in a secure area of the network, or in an area without appropriate firewalling between it and sensitive information.

Inappropriate location – the AP could be placed close to the perimeter of a building, meaning that someone could listen in on the company’s network.

This is by no means an extensive list of threat vectors introduced by this potentially innocuous action. So, it’s very clear that rogue access points are something we need to protect our business critical WLAN and networks from!

What makes a rogue access point rogue?

Cisco Meraki defines a rogue access point as an AP that is both “seen” on the LAN and is broadcasting SSIDs that are visible to the APs that make up the corporate wireless infrastructure. In order to identify a rogue AP, all currently available Meraki access points leverage their dedicated “listening” radio to continuously monitor the RF. However, older APs without a dedicated listening radio can also be configured to utilize their access radios at specific times to scan for rogue access points, as shown below:

Air Marshal listens for 802.11 beacon frames sent out by APs that are “visible” to the corporate APs, then all the BSSIDs (advertising MAC address of the SSID) that the access point sees are categorized as either “Rogue SSID” or “Other SSID”. In order to classify an SSID as rogue, we also need to look at the MAC addresses of frames on the wired side of the corporate APs.
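
The classification described above (BSSIDs heard in beacon frames, checked against MAC addresses seen on the wired side) can be sketched as follows. This is an added example, not Meraki's code: the `Corporate` label, the `tolerance` parameter (an assumed allowance for a router whose BSSID differs slightly from its wired MAC) and every address are constructed for illustration.

```python
import bisect

def mac_to_int(mac: str) -> int:
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into a 48-bit integer."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6 or not all(1 <= len(o) <= 2 for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(o.zfill(2) for o in octets), 16)

def classify_bssids(heard, corporate, wired, tolerance=0):
    """Label each BSSID heard over the air.

    heard     -- BSSIDs taken from 802.11 beacon frames
    corporate -- BSSIDs of the organisation's own APs
    wired     -- source MACs of frames seen on the wired side
    tolerance -- hypothetical: largest numeric gap between a BSSID and a
                 wired MAC that is still treated as the same device
    """
    own = {mac_to_int(m) for m in corporate}
    lan = sorted(mac_to_int(m) for m in wired)
    labels = {}
    for bssid in heard:
        value = mac_to_int(bssid)
        if value in own:
            labels[bssid] = "Corporate"
            continue
        # First wired MAC at or above the lower bound; rogue if it also
        # falls at or below the upper bound.
        i = bisect.bisect_left(lan, value - tolerance)
        on_lan = i < len(lan) and lan[i] <= value + tolerance
        labels[bssid] = "Rogue SSID" if on_lan else "Other SSID"
    return labels

# Constructed sample data (locally administered addresses).
CORPORATE = ["02:00:00:00:00:10"]
HEARD = [
    "02:00:00:00:00:10",  # our own AP
    "02:aa:bb:00:00:01",  # home router plugged into a wall port
    "02:cc:dd:00:00:05",  # neighbouring office's AP, not on our LAN
]
WIRED = [
    "02:aa:bb:00:00:00",  # the home router's wired-side MAC
    "02:11:22:33:44:55",  # an ordinary laptop
]

if __name__ == "__main__":
    for bssid, label in classify_bssids(HEARD, CORPORATE, WIRED, tolerance=2).items():
        print(bssid, label)
```

With `tolerance=0` the home router is labelled "Other SSID", because its BSSID and wired MAC are not identical; that is the case an exact-match comparison would miss.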
