MicroNugget: How to Contain Rogue Access Points in a WLAN

  • Published on 13 Oct 2024
    In this video, Keith Barker covers containing rogue access points in a wireless network. If you're running a network, the last thing you need is one of your users finding their way to a malicious network that's spoofing your SSID. Find them and stop them with wireless LAN controllers (WLCs).
    Large corporate infrastructures or places like airports are common targets for malicious actors to set up a network that looks and feels a lot like your own. They're on the hunt for your users. If they can spoof your network and SSID successfully, they can get one of your users to connect to their system and compromise them. Then they might turn that device around and use it for a man-in-the-middle attack on your own network and eavesdrop on all the traffic that passes through the device.
    But WLCs are always listening to their downstream access points, which in turn scan other channels and report back to the WLC which other access points are broadcasting nearby. The WLC registers those rogue access points, and if you know how to find that registry, you can act to contain the threats.
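
The registry mentioned in the description can be pictured as per-AP scan reports merged into one entry per BSSID. The Python below is an added example, not code from CBT Nuggets or Cisco; the inventory, SSID names, report tuples and labels are constructed assumptions, and a real WLC applies its own rogue classification rules.

```python
# Assumed inventory: BSSIDs of APs joined to the controller, and the SSIDs we serve.
MANAGED_BSSIDS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}
CORPORATE_SSIDS = {"CorpNet"}

# Constructed scan reports: (reporting AP, heard BSSID, SSID, channel, RSSI in dBm).
REPORTS = [
    ("ap-lobby", "00:11:22:aa:00:02", "CorpNet", 6, -48),
    ("ap-lobby", "de:ad:be:ef:00:10", "CorpNet", 11, -55),
    ("ap-floor2", "DE:AD:BE:EF:00:10", "CorpNet", 11, -71),
    ("ap-floor2", "66:77:88:99:00:20", "CoffeeShop", 1, -80),
    ("ap-lobby", "66:77:88:99:00:30", "corpnet ", 1, -62),
]

def classify(bssid, ssid):
    """Label one heard AP relative to our inventory."""
    if bssid in MANAGED_BSSIDS:
        return "managed"
    # Unknown radio advertising exactly our SSID: first in line for review.
    if ssid in CORPORATE_SSIDS:
        return "spoofed-ssid"
    # Case or whitespace variants that a user would read as our SSID.
    if ssid.strip().casefold() in {s.casefold() for s in CORPORATE_SSIDS}:
        return "lookalike-ssid"
    return "neighbor"

def build_registry(reports):
    """Merge per-AP reports into one entry per BSSID."""
    registry = {}
    for reporter, bssid, ssid, channel, rssi in reports:
        bssid = bssid.lower()  # MAC case differs between sources
        entry = registry.setdefault(bssid, {
            "ssid": ssid, "channel": channel, "label": classify(bssid, ssid),
            "heard_by": set(), "best_rssi": rssi,
        })
        entry["heard_by"].add(reporter)
        entry["best_rssi"] = max(entry["best_rssi"], rssi)
    return registry

def review_queue(registry):
    """Non-managed entries, most suspicious label first, then strongest signal."""
    order = {"spoofed-ssid": 0, "lookalike-ssid": 1, "neighbor": 2}
    rows = [(b, e) for b, e in registry.items() if e["label"] != "managed"]
    return sorted(rows, key=lambda r: (order[r[1]["label"]], -r[1]["best_rssi"]))

if __name__ == "__main__":
    for bssid, e in review_queue(build_registry(REPORTS)):
        print(bssid, e["label"], repr(e["ssid"]), e["best_rssi"], sorted(e["heard_by"]))
```

The number of managed APs that hear a BSSID, and how strongly, helps an operator judge whether an entry is inside the building or an adjacent network before any containment decision.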

Comments • 10

  • @KeithBarker 11 years ago

    Great questions.
    The documentation I was just reviewing (from Cisco's site) said that the rogue containment uses between 5-10 percent of the AP's performance, with a cap of 30%, but I didn't see specifics as to how often the flood of deauth messages would be sent.
    If the offending AP was in the same frequency bands as our production APs, then that could hurt performance, but the APs would be told to move to a new band (by the WLC) to avoid interference.
    Thanks for the questions,
    Keith

  • @ChrisGagnonDIY 8 years ago

    Love all your videos. Thanks for the micro nugget.

  • @IhorSirishtan 9 years ago

    Wonderful video. Superb information presentation. Really enjoyed it!

  • @armyguy298 11 years ago

    Keith, a couple questions.
    1. At what interval do the "deauth" messages broadcast?
    2. Could the additional noise affect network performance?
    Thanks for another great video!

  • @adedejiemmanuel1 4 years ago

    Thanks for the video. Is a "Deauthentication attack" the same as the "Disassociation attack"?

  • @dg404null 3 years ago

    very helpful

  • @markustoomiste4441 3 years ago

    What I don't understand is that if you have an access point plugged into your network that isn't managed by the WLC, then how come you need to scan for it with your APs? Wouldn't it come up over the wired traffic?

    • @markustoomiste4441 3 years ago

      If you can't distinguish a rogue AP over the wired traffic, then how come after scanning for them with your APs you know which ones are a part of your network and which ones are just adjacent networks' traffic reaching your APs' sensors?

    • @cbtnuggets 3 years ago

      Hi, Markus! Most of today's access points will have a specific port or protocol they use to communicate with a wireless LAN controller. There are also times that you may not want it to be adopted into the main network. There might be additional configurations needed. If an additional AP was wired into the network, the vendor and protocols might be different and don't come up right away. The APs working with the WLC can scan for neighboring APs to help identify issues. It's best practice to also lock down the ports that are not in use. So if there is a port in the office that is not used regularly, you can do a few things like isolating it into an empty VLAN, and also set up port security to be notified of the connection.
      Hope that helps! Thank you for learning with us.

    • @markustoomiste4441 3 years ago

      @cbtnuggets Thanks for responding to a comment of a 7-year-old video. Very impressive.