how to do a quick wireless audit

There has been a lot of attention paid to ensuring that rogue access points are not deployed with a corporation, which is understandable. After all, rogue access points, by definition, are deployed without approval of the CIO and/or corporate security organization. In a prior posting, I have discussed methods for identifying and controlling rogues.

Now, let’s look at the users of rogue access points. A significant risk to information security comes from users that use non-approved access points, either rogue access points or hotspots. The access points are merely avenues for potentially insecure communications. The danger happens when these access points are actually used.

 What could be the problem with using an unauthorized (rogue) access point or a convenient hotspot? There are three problems that jump to mind:

  1. You might have permission to use that network. This could lead to embarrassment should it arise that corporate communications are going over someone’s open linksys access point based in their apartment.
  2. The owner of the network could decide to monitor all communications on their network, which might include your conversations.
  3. The wireless network could be so open that anyone could attach to the network and scan all the computers on the local network. This could make it easy to connect to fileshares on any computer attached to the wireless network, for example.

  It is entirely possible for a user to connect to an open network accidentally.  Here is an example of how that can happen.

  When I visit one of my favorite coffee shops, I will connect to their public use wireless network, named “tmobile”. Whenever I go into that coffee shop, my computer will automatically connect to the “tmobile” network. What would happen if that “tmobile” network appeared in the office building? Well, most likely, my computer would automatically connect to the tmobile network, and this could be a problem!

   There is an easy way to test for your environment and see if you have users that will automatically attach to a wireless network.

  1. Get an inexpensive access point, such as a linksys wrt54g.
  2. Set the network name (also known as the SSID) to linksys.  (other SSIDs to use include tmobile, default, belkin54g and guest.)
  3. Do not connect the WAN port to the corporate network or the Internet. This will ensure that no access point users will connect to the Internet.
  4. Plug the access point in.
  5. After about 2 hours, connect to the wireless network and log in as the administrator. Examine the DHCP log. It is in here that you will find the number of people that attached to the wireless access point along with their computer name.

 Using this list, you can help find users that might be suspectible to unknowingly connecting to a rogue access point.

This access point will allow users to connect to the wireless network but will not allow users to use the wireless network for free Internet access.