Small Business Attack – Rogue Wireless Detection
The best way to prevent rogue wireless access points from appearing on your network is to set up the network so that attaching one is more difficult. Though it is more work to lock down a network so that it only allows connections from specific MAC addresses on specific ports, it does go a long way to prevent unauthorized devices from magically appearing on the network.
Of course, this sort of approach is not always feasible. In those situations, you have to go one step further and run periodic scans for unauthorized devices. Commonly used in wardriving, tools like NetStumbler and Kismet can also be used to find WAPs in your own building.
When using such a tool, it is important to first identify what “normal” is. Begin with a visual scan of every network port in your location, to make sure that you’re not starting with a rogue WAP already on your network. Once you have done a visual sweep, run one of the tools and get a feel for what is normally present in your environment. Then, after a day or so (sometimes more), you should have a list of the wireless networks around you. Each of these should be tracked down and identified as legitimate.
Then, on a periodic basis, you can check for new wireless access points and make sure that the list isn’t changing on you. If it is, you might have a problem.
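The baseline-and-recheck routine described above can be automated with a small comparison script. This is an added example, not part of the original post; the CSV layout (bssid, ssid, channel) and the sample rows are constructed assumptions, not the export format of NetStumbler or Kismet.

```python
import csv
import io

# Constructed sample scans. The column layout is an assumption for this
# example, not the native export of any particular scanner.
BASELINE_CSV = """bssid,ssid,channel
00:11:22:33:44:01,OfficeNet,1
00:11:22:33:44:02,OfficeNet,6
66:77:88:99:AA:01,CoffeeShopNextDoor,11
"""
CURRENT_CSV = """bssid,ssid,channel
00:11:22:33:44:01,OfficeNet,1
00-11-22-33-44-02,OfficeNet,6
DE:AD:BE:EF:00:01,OfficeNet,6
12:34:56:78:9A:BC,linksys,3
"""

def normalize_bssid(raw):
    """Canonical form so 00-11-.. and 00:11:.. compare equal."""
    digits = raw.strip().lower().replace("-", "").replace(":", "")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def load_scan(text):
    """Return {bssid: ssid} from CSV text with bssid and ssid columns."""
    rows = csv.DictReader(io.StringIO(text))
    return {normalize_bssid(r["bssid"]): r["ssid"].strip() for r in rows}

def compare_scans(baseline, current):
    """Classify every change between the identified baseline and a new scan."""
    known_ssids = set(baseline.values())
    report = {"known_ssid_new_radio": [], "new_network": [], "renamed": []}
    for bssid, ssid in sorted(current.items()):
        if bssid not in baseline:
            # An unknown radio advertising one of your own names comes first.
            key = "known_ssid_new_radio" if ssid in known_ssids else "new_network"
            report[key].append((bssid, ssid))
        elif baseline[bssid] != ssid:
            report["renamed"].append((bssid, baseline[bssid], ssid))
    # Baseline entries that vanished are also a change worth explaining.
    report["missing"] = sorted(b for b in baseline if b not in current)
    return report

if __name__ == "__main__":
    result = compare_scans(load_scan(BASELINE_CSV), load_scan(CURRENT_CSV))
    for category, entries in result.items():
        print(category, entries)
```

A BSSID is easy to change, so a clean comparison only shows that nothing new is advertising, not that every radio is the one you originally identified.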
It is important, however, to stress that this is not a perfect solution. You will likely need to occasionally visually inspect your network and verify that there are no new devices floating around. You should make sure that no laptops are set up to bridge a connection to the outside world. You should do your best to lock down the network. Then, when you’ve done all you can do, scan to fill in the holes.