Rogue AP operating on unauthorized channel

This alarm is raised by WiFi Manager when it detects that a rogue AP is operating in an unauthorised channel in a WLAN .

What are channels?

Channel is the frequency on which the transmission or reception of signals takes place.Wireless devices adhering to 802.11 b/g standard operates on 2.4 GHz ISM (Industrial, Scientific and Medical) band and uses the frequency between 2.402 GHz to 2.483 GHz. This band is further divided into 14 channels. Similarly devices adhering to 802.11 a standard operates in the 5GHz UNII (Unlicensed National Information Infrastructure) band. and uses the frequency between 5.15 GHz to 5.35 GHz and 5.725 GHz to 5.825 GHz. This band is further divided into 16 channels.

When are channels unauthorised?

Enterprises standardise  the channel in which their WLAN devices should operate.  For eg.,they may decide to use either 802.11 a. The channels other than the one standardised for the Enterprise will be categorised as unauthorised channel.

What are the scenarios in which the above attack may occur?

Rogue Access Points installed by unauthorized employees may not follow enterprise standard deployment procedures and try to operate as Rogue APs in different channels. Presence of Rogue Access Points may also indicate malicious intruders attempting to hack into enterprise wired network. WiFi Manager alerts the WLAN administrators on rogue Access Points by checking the Access Points against enterprise standardized operating  channel assignments for the 802.11a/b/g standards.

What should the administrators do?

WiFi Manager discovered rogue Access Points should be thoroughly investigated and if required should be blocked from the network. WLAN administrator can block the rogue Access Point from the network, and thereby prevent authorized users from getting connected to it, by blocking the switch port to which the Access Point is connected.

Access Point operating on unauthorized channel could be Rogue

Block Rogue Access Points Using WiFi Manager