Cyber Summer: Rogue Access Points


Q: What are rogue access points?

A: Rogue access points are wireless access points disguised as a genuine access point. Attackers deploy these near the real access point in the hope of tricking someone into connecting to them. Often the rogue access point will seem legitimate and allow full internet functionality, but in the background the attacker is capturing all of your network packets. Anything sent unencrypted can be recorded, including logins, documents, pictures, and credit card information.

Q: How can you tell an access point is a rogue access point?

A: The whole premise behind rogue access points is that they are supposed to look like a real, valid wireless network. A giveaway can be a spelling mistake in the network name, or duplicate names in the list of available networks. If you see two networks with the same name but one is unlocked, there is a good chance the unlocked one is a rogue access point.

Q: What can an attacker do if I connect to that access point?

A: All unencrypted network traffic is visible to an attacker. Even some encrypted traffic can be logged and decrypted by attackers. Most attackers will just log activity on their rogue access point so they can comb through it at a later time. They have no need to be actively monitoring the network in real-time. 

Q: Are rogue access points the only possible hardware threat?

A: There are plenty of hardware tools attackers can use on unsuspecting victims. A rogue access point will often either just look like an ordinary router, or be disguised as something else so that it goes unnoticed. The same is true of most hacking hardware. The “Packet Squirrel” is a good example of an inconspicuous tool an attacker might use: it is an Ethernet-based man-in-the-middle device about 1 inch by 1 inch in size. An attacker will most likely hide a device like this in a heavily cabled area, where, to the untrained eye, it blends in with the rest of the equipment and wiring. IT personnel should always keep an eye out for unusual hardware.

Q: What should I look out for?

A: IT professionals should try to do routine sweeps of their facility for unfamiliar hardware. There are also software tools for detecting unknown devices such as rogue access points. Pwnie Express, for example, offers an easy user interface that can detect suspicious devices and help disrupt them. Consider investing in such software if you don’t have the time to search your facility by hand.
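The two answers above describe what a rogue access point looks like in a scan (a duplicate of a trusted name, an unlocked copy of it, or a misspelled lookalike) and suggest software to detect one. The following is an added example, not code from the original post or from any product it mentions, that applies those checks to a list of scanned access points; the network name, the authorized radio addresses and the scan results are constructed values.

```python
from dataclasses import dataclass

@dataclass
class AccessPoint:
    ssid: str
    bssid: str      # radio MAC address, as reported by a wireless scan
    security: str   # "WPA2", "WPA3", "OPEN", ...

# Constructed inventory of the organisation's legitimate radios (assumed values).
AUTHORIZED = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch misspelled lookalike SSIDs."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_rogue_aps(scan, max_dist=2):
    """Return {bssid: [reasons]} for every scanned AP that looks suspicious."""
    findings = {}
    for ap in scan:
        reasons = []
        if ap.ssid in AUTHORIZED:
            # Trusted name: the radio must be one of ours and must not be open.
            if ap.bssid not in AUTHORIZED[ap.ssid]:
                reasons.append("trusted SSID on unauthorized BSSID")
            if ap.security == "OPEN":
                reasons.append("open network using a trusted SSID")
        else:
            # Unknown name: flag it if it is within a few edits of a trusted one.
            for trusted in AUTHORIZED:
                if edit_distance(ap.ssid.lower(), trusted.lower()) <= max_dist:
                    reasons.append(f"lookalike of {trusted}")
        if reasons:
            findings[ap.bssid] = reasons
    return findings

# Constructed scan results for the demonstration.
SCAN = [
    AccessPoint("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2"),   # legitimate
    AccessPoint("CorpWiFi", "de:ad:be:ef:00:01", "OPEN"),   # same name, unlocked, unknown radio
    AccessPoint("Corp WiFi", "de:ad:be:ef:00:02", "WPA2"),  # lookalike spelling
    AccessPoint("GuestNet", "11:22:33:44:55:66", "WPA2"),   # unrelated network, ignored
]
```

Running `find_rogue_aps(SCAN)` reports the two unknown radios and the reason each was flagged; in practice the SCAN list would be filled from a wireless survey and AUTHORIZED from the IT inventory.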

Q: How can I protect myself and my business?

A: As mentioned in previous iterations of these Q&As, proper user training on network security is key. Annual training on new threats can keep your workforce safe and ready for anything they might come across. Another method is to enforce physical security standards in your business. While this may not necessarily prevent an internal intrusion, it helps keep external threats out. This could be as simple as locking your server room door and only providing keys to IT personnel, or as sophisticated as RFID employee badges that grant access only to the building areas each person needs.


This is the 6th part of an 8-part series. To learn more about cybersecurity and safe practices, check out the links below:
Phishing
Safe Internet Browsing
Social Engineering
Safe Passwords and Security
IoT + BYOD
Rogue Access Points
Penetration Testing
What to Do After a Data Breach

Next week, we will be discussing Penetration Testing and the pros of thinking like a hacker. Remember to submit your questions to info@hvtdc.org.