MicroNugget: How to Contain Rogue Access Points in a WLAN


In this video, Keith Barker covers containing rogue access points in a wireless network. If you're running a network, the last thing you need is one of your users finding their way to a malicious network that's spoofing your SSID. Find them and stop them with WLCs.

Large corporate infrastructures and places like airports are common targets for malicious actors, who set up a network that looks and feels a lot like your own. They're on the hunt for your users. If they can spoof your network and SSID successfully, they can get one of your users to connect to their system and compromise that user's device. Then they might turn that device around and use it for a man-in-the-middle attack on your own network, eavesdropping on all the traffic that passes through the device.

But wireless LAN controllers are always listening to their downstream access points, which in turn scan other channels and report back to their WLCs which other access points are broadcasting within range. The WLC registers those rogue access points, and if you know how to find that registry, you can act to contain the threats.
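The registry described above can be sketched as an added example; it is not code from the video or from any WLC. The inventory, AP names, scan reports and the classification rule (an unmanaged BSSID advertising a managed SSID) are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: BSSIDs and SSIDs the controller manages (assumed values).
MANAGED_BSSIDS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}
MANAGED_SSIDS = {"CorpWiFi"}

# Constructed off-channel scan reports: (reporting AP, heard BSSID, SSID, channel, RSSI dBm).
SCAN_REPORTS = [
    ("ap-lobby", "00:11:22:aa:00:02", "CorpWiFi", 36, -48),
    ("ap-lobby", "de:ad:be:ef:00:10", "CorpWiFi", 6, -52),
    ("ap-floor2", "de:ad:be:ef:00:10", "CorpWiFi", 6, -71),
    ("ap-floor2", "66:77:88:99:00:20", "CoffeeShop", 11, -80),
    ("ap-lobby", "DE:AD:BE:EF:00:10", "CorpWiFi", 6, -50),
]


def build_rogue_registry(reports, managed_bssids, managed_ssids):
    """Merge per-AP scan reports into one entry per unmanaged BSSID."""
    registry = defaultdict(lambda: {"ssids": set(), "channels": set(), "heard_by": {}})
    for reporter, bssid, ssid, channel, rssi in reports:
        bssid = bssid.lower()  # normalise so one radio is not counted twice
        if bssid in managed_bssids:
            continue  # one of our own APs heard by a neighbouring AP, not a rogue
        entry = registry[bssid]
        entry["ssids"].add(ssid)
        entry["channels"].add(channel)
        # Keep the strongest signal per reporting AP; it hints at physical location.
        entry["heard_by"][reporter] = max(rssi, entry["heard_by"].get(reporter, -200))
    for entry in registry.values():
        spoofing = bool(entry["ssids"] & managed_ssids)
        entry["classification"] = "spoofing-managed-ssid" if spoofing else "neighbor"
        entry["closest_ap"] = max(entry["heard_by"], key=entry["heard_by"].get)
    return dict(registry)


def containment_candidates(registry):
    """Unmanaged BSSIDs advertising a managed SSID, strongest signal first."""
    hits = [(b, e) for b, e in registry.items()
            if e["classification"] == "spoofing-managed-ssid"]
    hits.sort(key=lambda item: max(item[1]["heard_by"].values()), reverse=True)
    return [bssid for bssid, _ in hits]


if __name__ == "__main__":
    reg = build_rogue_registry(SCAN_REPORTS, MANAGED_BSSIDS, MANAGED_SSIDS)
    for bssid in containment_candidates(reg):
        print(bssid, reg[bssid]["closest_ap"], sorted(reg[bssid]["channels"]))
```

An unmanaged BSSID that only advertises someone else's SSID stays in the registry as a neighbor, which keeps it visible without making it a containment candidate.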


Comments

Wonderful video. Superb information presentation. Really enjoyed it!

IhorSirishtan

Love all your videos. Thanks for the micro nugget.

ChrisGagnonDIY

Great questions.

The documentation I was just reviewing (from Cisco's site) said that the rogue containment uses between 5-10 percent of the AP's performance, with a cap of 30%, but I didn't see specifics as to how often the flood of deauth messages would be sent.

If the offending AP was in the same frequency bands as our production APs, then that could hurt performance, but the APs would be told to move to a new band (by the WLC) to avoid interference.

Thanks for the questions,

Keith

KeithBarker

Keith, a couple questions.
1. At what interval do the "deauth" messages broadcast?
2. Could the additional noise affect network performance?

Thanks for another great video!

armyguy

Thanks for the video. Is a "Deauthentication attack" the same as the "Disassociation attack"?

adedejiemmanuel

What I don't understand is that if you have an access point plugged into your network that isn't managed by the WLC, then how come you need to scan for it with your APs? Wouldn't it come up over the wired traffic?

markustoomiste