This article explains about Rogue Access Point detection in Wireless Intrusion Detection Settings (IDS).
Rogue Access Points
Rogue Access Points have emerged as one of the most serious and insidious threats to wireless security.
In general terms, an access point is considered rogue when it has not been authorized for use on a network.
The convenience, affordability and availability of non-secure access points and the ease with which they can be added to a network creates a easy environment for introducing rogue access points.
Specifically the real threat emerges in a number of different ways including unintentional and unwitting connections to the rogue device, transmission of sensitive data over non-secure channels and unwanted access to LAN resources. So while this doesn't represent a deficiency in the security of a specific wireless device, it is a weakness to the overall security of wireless networks.
The security appliance can alleviate this weakness by recognizing rogue access points potentially attempting to gain access to your network. It accomplishes this in two ways:
Active scanning for access points on all802.11a, 802.11g, 802.11n and 802.11ac channels.
Passive scanning while in Access Point mode) forbeacon of access points on a single channel of operation.?
Step 1: Login to the SonicWall management GUI
Step 2: Navigate to Wireless -> IDS, making following change on the Right side under Wireless Intrusion Detection Settings.
Select "Enable Rogue Access Point Detection" checkbox to specify the rogue access point detection method.
The Authorized Access Points menu allows you to specify All Authorized Access Points, Create new MAC Address Object Group or Select an Address Object Group.
Step 3:Click the Accept button in top of the page to save the changes.
The Authorized Access Points menu allows you to specify which access points the SonicWall security appliance will considered authorized when it performs a scan.
You can select All Authorized Access Points to allow all SonicPoints or you can select Create new MAC Address Object Group to create an address object group containing a group of MAC address to limit the list to only those SonicPoints whose MAC addresses are contained in the address object group.