Attackers sometimes use fake access points that pose as legitimate network connections in order to gain sensitive information or network access. Learn about the risks posed by rogue access points and evil twin attacks.
- [Narrator] Attackers sometimes use fake wireless access points that pose as legitimate network connections, in order to gain sensitive information or network access. Let's take a look at the risks posed by rogue access points and evil twin attacks. Rogue access points occur when someone connects an unauthorized wireless access point to an enterprise network. This might be as innocuous as an employee with bad wireless connectivity in his or her office purchasing an access point and plugging it in to a nearby network jack to gain a better signal.
Or it could be more sinister, with a hacker connecting an access point to later gain remote access to the network. The huge risk with rogue access points is that they can bypass other wireless authentication mechanisms. If you spend hours configuring your systems to use WPA2 security, a rogue access point configured to avoid encryption can quickly bypass all of that. Anyone connecting to the rogue AP can then gain unrestricted access to your network. A second risk posed by rogue access points is interference.
There are a limited number of wifi channels available and rogue APs can quickly interfere with legitimate wireless use. IT staff should monitor their buildings and networks for the presence of rogue access points and shut them down quickly when they are detected. There are several technologies to help with this. First, enterprise-grade wireless networks often have built-in wireless intrusion detection systems. The access points for these networks identify unknown access points in the area. They can also give a rough idea of the rogue access point's location by using triangulation.
Readings of signal strength and direction from three or more legitimate access points provide a good idea of the rogue's general location. IT staff responding to that location can then use hand-held devices to pin point the exact location of the rogue device and disconnect it from the network. National Football League and contractors use this technology during the Superbowl to identify fans who had personal hotspot features enabled on their phone that were interfering with stadium wireless networks.
Evil twin attacks are cousins of phishing and farming attacks. A hacker sets up a fake access point with the SSID of a legitimate network. They then lure unsuspecting users who automatically connect to that network when in the vicinity. Since the hacker controls the network, he or she can then use DNS poisoning and similar tactics to redirect users to phishing websites. Conducting an evil twin attack is easy if attackers use very common SSIDs that millions of computers are configured to automatically connect to.
Attackers can automate the evil twin attack using software known as the Karma Toolkit. Karma searches for legitimate networks in an area, then automatically creates an evil twin network and builds fake websites that capture credentials from the uses of the evil twin network. Enterprises must take care to ensure that they have controls in place to quickly detect and eliminate rogue access points on their networks. Additionally, they should educate users about the risks associated with using unknown open access points without a virtual private network connection.
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attaches
- Transport encryption
- Wireless networking
- Host security