Q
Manage Learn to apply best practices and optimize your operations.

How can enterprises defend against an evil twin attack?

The threat of an evil twin attack has plagued enterprises for years, and it's still not leaving. Expert Nick Lewis explains how to defend against evil twins.

What are evil twin wireless access points? I heard about a new tool for detecting them, but is it worth considering...

in an enterprise setting? Are there other ways to prevent users from connecting to evil twin wireless access points?

The evil twin access point attack has been around almost as long as wireless networking. It and other attacks -- such as Firesheep -- are why people should be careful when they connect to insecure wireless networks. Insecure wireless networks are the easiest to spoof and the most susceptible to these attacks. An evil twin attack is when a wireless network is set up with the same name as a legitimate wireless network, but operated by an unauthorized party. The twin is almost always configured without security features, so the greatest number of potential victims will connect to it and receive minimal security warnings about certificate mismatches or incorrect WPA2 keys, among others.

A new tool, called EvilAP_Defender, automates the defense against an evil twin attack. One of the most effective defenses against an evil twin access point is monitoring wireless networks for access points that do not match those used by your enterprise. This could be a difference in the manufacturer or model, security settings and so on. Some wireless control systems have similar functionality, but -- like all security tools -- they require someone to be monitoring the tools to determine what to do when an attack is detected. EvilAP_Defender has the option to just monitor or to perform active defense to protect your wireless network. This could mean sending disassociate packets or otherwise disabling the rogue wireless by using the same channel at a higher power. These actions are general tools to manage wireless networks when a misbehaving access point is discovered.

Using a VPN is also a good way to prevent an evil twin attack and protect users, but it will not necessarily stop users from connecting to the rogue access point. You could disable the option to connect to unapproved wireless networks, but this could be a significant limitation for your users. There may be a configuration option for the wireless supplicant that allows users to only connect to a secure wireless network, rather than just a warning that the user is connecting to an insecure network.

Next Steps

Want to monitor your Wi-Fi network for malicious behavior? Learn how to use the open source networking monitoring tool Kismet

Find out how to secure Wi-Fi now for the future

This was last published in December 2015

Dig Deeper on Network device security: Appliances, firewalls and switches

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Has your organization dealt with evil twin attacks? If so, how has it handled the situation?
Cancel
I think knowledge and training on how to spot them are the key. To many people just click and go without considering the repercussions.
You have to make sure you are connecting to the right system. It's like an e-mail phishing scam. It looks like what I want so it must be valid... 
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close