Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Wireless: Rogue access point detection

The UTM should be able to detect rogue access points surreptitiously added to the network.

44 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Scott MorganScott Morgan shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        This would be a major selling point for wireless protection - even if it is only to alert an administrator of the detection of a rogue B/SSID. DEAUTH capabilities would be even better again!

      • SylvainSylvain commented  ·   ·  Flag as inappropriate

        We scan for MAC adresses to do this, but some users will actually change their MAC address to spoof a desktop, killing the process. Then you'd wan't to detect the NAT used on that port, but that would also trigger on wanted NAT devices, then you'll want a whitelist for those, or have a strict corporate policy to restrict the amount of IP adresses that can be served on one switched port. But then those stations running VMs will trigger false positives and you'll have to maintain another whitelist for those. In an ideal scenario/world, you would perform internal network discovery on a regular basis, to detect what is being hooked up on your network and actually KNOW what's on your network. The most secure option is still a NAC, since unautorised devices simply won't work and that should kill your rogue Wifi router problem.

      Feedback and Knowledge Base