Rogue Access Point Detection

In addition to their extensive hands-on experience, SECNAP’s professionally certified network security auditors utilize a unique, over-the-wire tool to evaluate security in your network, with a prime goal of detecting rogue access points (APs). Probing can be done remotely, over the existing IP network, and at virtually any frequency, from daily to annually.

By leveraging third-party support for specific projects such as intrusion detection and prevention, organizations can ensure that their IT staffs are able to remain focused on mission-critical responsibilities.

One of the most significant benefits of our Rogue Access Point Detection (RAPiD) service is the peace of mind you’ll experience knowing that your network is free of unauthorized APs that could enable malicious intrusion or compromise sensitive data.

Since there is no hardware to purchase or multiple sensors to deploy, this service is especially advantageous for clients with multiple locations—such as financial institutions with branches, investment firms with nationwide offices, income tax preparation locations, and similar businesses.

In addition, the service will:

• Scan the network on a routine, periodic basis specified by the client (daily, weekly, monthly, quarterly)

• Identify network hosts that are rogue access points

• Deliver an actionable report including IP address and any other known information regarding the AP

• Provide a benchmark for future RAPiD assessments

• Enhance the effectiveness of other security services, such as Wi-Fi assessments and external penetration tests.

Multiple Fingerprinting Techniques

Fingerprinting enables the efficient and reliable identification of devices on the network—including web servers, server software, operating systems and others—to aid in the detection of rogue APs. Various fingerprinting techniques are employed in support of this identification process, which may include:

• TCP/IP Fingerprinting
• HTTP Fingerprinting
• FTP Fingerprinting
• SNMP Fingerprinting

To ensure reliable identification, these techniques require either that the given service be accessible by the SECNAP IVAS hardware, or that at least one port be open on the network device.

Deployment of Internal Vulnerability Assessment Scanners

SECNAP deploys all Internal Vulnerability Assessment Scanner (IVAS) devices required per the assessment scope, including configuration and support of IVAS equipment and associated software licenses. After deployment in the client network, SECNAP auditors conduct periodic scans of client-specified network segments to determine if any hosts on those network segments are rogue APs.

These scans identify host name, MAC address, services running on the host, and other available information for each rogue AP. They are not designed to determine whether an unauthorized party has actually gained access through a rogue, or whether data has been compromised as a result. Additional audit services are available separately for clients who want to determine if a breach or unauthorized access has occurred.

RAPiD Reporting

Reports are delivered based on the client-specified frequency of RAPiD scans, and include all available information regarding each rogue AP. By monitoring routinely, and taking appropriate actions to eliminate rogues, clients generally experience a decline in the number of rogue APs detected over time, while new rogues are identified and addressed quickly.

Click here to request more information or a free consultation.