Authorized Client Connected to Rogue AP

Authorized Client Connected to Rogue AP

WiFi Manager monitors the users and their association patter in the WLAN -

Who are using the wireless LAN.
To which Access point they are associated.
When they were associated and what was the session duration etc.,

WiFi Manager triggers this alarm when it finds a trusted user of the WLAN associated with a rogue Access point.

What does this alarm signifies ?

This alarm may signify the presence of a rogue Access point in the WLAN somewhere within the range of the mobile user.
This may also signify the presence of a new Access point which is not yet added to the authorized list.
This may also be because of a Access point in the neighbouring premises beaming signal in to the corporate LAN and the user accidentally getting associated with the same.

What will be the impact ?

If such wrong associations are triggered by hackers of the WLAN (by masquerading as authorized Access point) then they will be able to exploit such associations. They will get access to the client devices and the information in it which can later be used to gain access to the corporate LAN or to steal information from the network.

What should the WLAN Administrator do ?

They should immediately analyze the cause of the alarm and take corrective action. If the alarm is triggered by the presence of a rogue Access point then they have to take immediate steps to shut it down. Shutting down of rogue Access points can be done using the "Block AP" feature in WiFi Manager.

On the other hand if the alarm is because of the client associating itself with a new unconfigured Access point, then the administrators should take immediate to steps to configure the same in line with the corporate security policies and add that Access point to the trusted list of devices.

To add the AP to the authorized list, we can choose the AP and then Mark it as "Trusted".

If the client has associated with an Access Point from a neighboring LAN (AP that is not physically connected to your wired network but beaming its signals into your network) then you have to disassociate your client and force it to connect using the authorized SSIDs alone. You should also Mark the AP as "friendly" for WiFi Manager to stop monitoring it. You should enforce that all your authorized users should connect only using the SSIDs available in your authorized SSID list.