Attackers sometimes use fake access points that pose as legitimate network connections in order to gain sensitive information or network access. In this video, learn about the risks posed by rogue access points and evil twin attacks.
- [Instructor] Attackers sometimes use fake wireless access points that pose as legitimate network connections in order to gain sensitive information or network access. Let's take a look at the risks posed by rogue access points and evil twin attacks. Rogue access points occur when someone connects an unauthorized wireless access point to an enterprise network. This might be as innocuous as an employee with bad wireless connectivity in his or her office purchasing an access point and plugging it into a nearby network jack to gain a better signal.
Or it could be more sinister, with a hacker connecting an access point to later gain remote access to the network. The huge risk with rogue access points is that they can bypass other wireless authentication mechanisms. If you spend hours configuring your systems to use WPA2 security, a rogue access point configured to avoid encryption can quickly bypass all of that. Anyone connecting to the rogue AP can then gain unrestricted access to your network. A second risk posed by rogue access points is interference.
There are a limited number of Wi-Fi channels available, and rogue APs can quickly interfere with legitimate wireless use. IT staff should monitor their buildings and networks for the presence of rogue access points and shut them down quickly when they are detected. There are several technologies available to help with this. First, enterprise-grade wireless networks often have built-in wireless intrusion detection systems. The access points for these networks identify unknown access points in the area. They can also give a rough idea of the rogue access point's location by using triangulation.
Readings of signal strength and direction from three or more legitimate access points provide a good idea of the rogue's general location. IT staff responding to that location can then use handheld devices to pinpoint the exact location of the rogue device and disconnect it from the network. The National Football League and its contractors used this technology during the Super Bowl to identify fans who had personal hotspot features enabled on their phones that were interfering with stadium wireless networks.
Evil twin attacks are cousins of phishing and pharming attacks. A hacker sets up a fake access point with the SSID of a legitimate network. They then lure unsuspecting users who will automatically connect to that network when in the vicinity. Since the hacker controls the network, he or she can then use DNS poisoning and similar tactics to redirect users to phishing websites. Conducting an evil twin attack is easy if attackers use very common SSIDs that millions of computers are configured to automatically connect to.
Attackers can automate the evil twin attack using software known as the KARMA toolkit. KARMA searches for legitimate networks in an area, then automatically creates an evil twin network and builds fake websites that capture credentials from the users of the evil twin network. Enterprises must take care to ensure that they have controls in place to quickly detect and eliminate rogue access points on their networks. Additionally, they should educate users about the risks associated with using unknown open access points without a virtual private network connection.
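The transcript describes two defensive pieces of a wireless intrusion detection system: spotting access points that are not part of the enterprise inventory (including evil twins that advertise the corporate SSID) and narrowing down a flagged device's location from signal-strength readings at three or more legitimate access points. The sketch below is an added example written for this page, not code from the course or its author. The BSSIDs, inventory coordinates and RSSI readings are constructed, and the path-loss constants (RSSI_AT_1M, PATH_LOSS_EXPONENT) are assumed typical indoor values; real products calibrate these per site.

```python
"""Wireless IDS sketch: flag access points absent from the authorized
inventory (rogue candidates and evil twins) from scan reports gathered by
the enterprise's own access points, then estimate a flagged AP's position
from RSSI readings at three or more of those sensors.

All inventory data, BSSIDs and RSSI readings are constructed for this
example; the path-loss constants are assumed typical indoor values."""
import math
from dataclasses import dataclass

# Authorized APs (constructed): BSSID -> (SSID it advertises, x, y in metres)
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpWiFi", 0.0, 0.0),
    "aa:bb:cc:00:00:02": ("CorpWiFi", 30.0, 0.0),
    "aa:bb:cc:00:00:03": ("CorpWiFi", 0.0, 30.0),
}
CORPORATE_SSIDS = {ssid for ssid, _, _ in AUTHORIZED.values()}

# Log-distance path-loss model parameters (assumed): RSSI at 1 m and exponent
RSSI_AT_1M = -40.0
PATH_LOSS_EXPONENT = 3.0


@dataclass(frozen=True)
class Observation:
    sensor: str        # BSSID of the authorized AP that heard the beacon
    bssid: str         # BSSID of the AP being reported
    ssid: str
    rssi_dbm: float
    encrypted: bool


def classify(observations):
    """Map each BSSID that is not in the inventory to a verdict.

    'evil-twin':  advertises one of our SSIDs but is not our hardware.
    'rogue-open': unknown AP with no encryption (the "bypasses WPA2" case).
    'unknown-ap': any other AP not in the inventory; needs a human look.
    """
    verdicts = {}
    for o in observations:
        if o.bssid in AUTHORIZED:
            continue                      # our own AP seen by a neighbour
        if o.ssid in CORPORATE_SSIDS:
            verdicts[o.bssid] = "evil-twin"
        elif not o.encrypted:
            verdicts[o.bssid] = "rogue-open"
        else:
            verdicts[o.bssid] = "unknown-ap"
    return verdicts


def rssi_to_distance(rssi_dbm):
    """Invert the log-distance path-loss model: d = 10^((P0 - RSSI) / (10 n))."""
    return 10 ** ((RSSI_AT_1M - rssi_dbm) / (10 * PATH_LOSS_EXPONENT))


def locate(bssid, observations):
    """Least-squares trilateration from readings at three or more sensors.

    Returns (x, y) in metres, or None when fewer than three distinct
    authorized sensors heard the AP or the sensors are collinear.
    """
    readings = {}
    for o in observations:
        if o.bssid == bssid and o.sensor in AUTHORIZED:
            readings[o.sensor] = rssi_to_distance(o.rssi_dbm)
    if len(readings) < 3:
        return None
    sensors = list(readings)
    _, x0, y0 = AUTHORIZED[sensors[0]]
    d0 = readings[sensors[0]]
    # Subtract the first circle equation from each other one to get a linear row:
    #   2(xi - x0) x + 2(yi - y0) y = xi^2 - x0^2 + yi^2 - y0^2 - di^2 + d0^2
    rows = []
    for s in sensors[1:]:
        _, xi, yi = AUTHORIZED[s]
        di = readings[s]
        rows.append((2 * (xi - x0), 2 * (yi - y0),
                     xi ** 2 - x0 ** 2 + yi ** 2 - y0 ** 2 - di ** 2 + d0 ** 2))
    # Normal equations (A^T A) p = A^T b, solved by Cramer's rule for 2 unknowns
    aa = sum(a * a for a, _, _ in rows)
    ab = sum(a * b for a, b, _ in rows)
    bb = sum(b * b for _, b, _ in rows)
    ac = sum(a * c for a, _, c in rows)
    bc = sum(b * c for _, b, c in rows)
    det = aa * bb - ab * ab
    if abs(det) < 1e-9:
        return None
    return ((ac * bb - ab * bc) / det, (aa * bc - ab * ac) / det)


# Constructed scan report. The evil-twin readings are consistent with a
# device standing near x=10 m, y=10 m under the model above.
SCAN_REPORT = [
    Observation("aa:bb:cc:00:00:01", "de:ad:be:ef:00:01", "CorpWiFi", -74.5, True),
    Observation("aa:bb:cc:00:00:02", "de:ad:be:ef:00:01", "CorpWiFi", -80.5, True),
    Observation("aa:bb:cc:00:00:03", "de:ad:be:ef:00:01", "CorpWiFi", -80.5, True),
    # Unencrypted unknown AP heard by one sensor only: flagged, not locatable
    Observation("aa:bb:cc:00:00:02", "12:34:56:78:9a:bc", "Linksys", -55.0, False),
    # One of our own APs heard by a neighbouring one: ignored
    Observation("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "CorpWiFi", -62.0, True),
]


def report(observations):
    """One line per flagged BSSID with its verdict and estimated position."""
    lines = []
    for bssid, verdict in classify(observations).items():
        fix = locate(bssid, observations)
        where = "%.1f m, %.1f m" % fix if fix else "fewer than 3 sensors"
        lines.append(f"{verdict:10s} {bssid}  location: {where}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SCAN_REPORT)))
```

The location fix is only as good as the path-loss model, so treat it as the "general location" the transcript talks about and send staff with a handheld analyzer to close the last few metres. An open AP is flagged with higher priority because, as the instructor notes, it undoes the WPA2 configuration on the rest of the network if it is wired in.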
The CompTIA Security+ exam is an excellent entry point for a career in information security. The latest version, SY0-501, expands coverage of cloud security, virtualization, and mobile security. This course prepares exam candidates for the critical Threats, Attacks, and Vulnerabilities domain of the exam. By learning about malware, networking and application security exploitations, and social engineering, you'll be prepared to answer questions from the exam—and strengthen your own organization's systems and defenses. Author Mike Chapple, an IT leader with over 15 years of experience, also covers the processes for discovering and mitigating threats and attacks, and conducting penetration testing and scanning for vulnerabilities. Visit certmike.com to join one of his free study groups.