Is there a best practice for monitoring and detecting foreign wireless devices


Until we're comfortable with wireless security, our company has a "no wireless on site" policy (with the exception of Admin testing). Without connecting a wireless device to our hardwired network, is there a recommended means for continuous monitoring/detecting of "foreign" wireless devices brought on site by either employees or guests? (I won't rule out a standalone PC with a wireless card.)


Rogue wireless access points certainly present an interesting challenge for security professionals. The combination of ubiquitous network jacks and extremely inexpensive wireless hardware simply makes it too easy for an employee to set up his or her own "private" wireless network to do "what those IT guys won't handle."

If your company is of relatively limited size and it's practical to walk around every once in a while, you might want to use the RF scanning approach. There's a free product called NetStumbler available to assist you with this task.

There are also various products that claim to perform rogue access point detection from the wired network. I've never worked with any of these personally, but you might want to try looking at the WiSentry product. One of the biggest advantages of this approach is that you'll be able to detect activity from access points that don't broadcast their SSIDs. Tools like NetStumbler are unable to detect these sneaky APs.

This was first published in April 2006
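
For the standalone PC with a wireless card mentioned in the question, the following is an added example (not part of the original answer and not code from any product named above) of passive monitoring: it parses 802.11 beacon and probe-response frames, flags every BSSID that is not on the admin-testing allowlist, and reports access points whose SSID field is empty or zero-filled as hidden. It assumes the frames were already captured by a card in monitor mode with any radiotap header stripped; the allowlist, MAC addresses and sample frames are constructed for illustration.

```python
import struct

# Assumption: BSSIDs of the admin test APs exempted by the site policy.
ALLOWED_BSSIDS = {"02:00:00:00:00:01"}

def parse_beacon(frame: bytes):
    """Return (bssid, ssid, hidden) for a beacon/probe response, else None."""
    if len(frame) < 36:                      # 24-byte MAC header + 12 fixed bytes
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (8, 5):  # management: beacon or probe response
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    pos, ssid = 36, b""
    while pos + 2 <= len(frame):             # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:               # truncated element, stop parsing
            break
        if tag == 0:                         # SSID element
            ssid = body
            break
        pos += 2 + length
    hidden = not any(ssid)                   # empty or all-zero SSID
    return bssid, "" if hidden else ssid.decode("utf-8", "replace"), hidden

def find_foreign(frames, allowed=ALLOWED_BSSIDS):
    """Map each non-allowlisted BSSID to its SSID (or '<hidden>')."""
    seen = {}
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed and parsed[0] not in allowed:
            seen[parsed[0]] = "<hidden>" if parsed[2] else parsed[1]
    return seen

def make_beacon(bssid: str, ssid: bytes) -> bytes:
    """Build a constructed beacon frame for the sample data below."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0401)
    return header + fixed + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

# Constructed sample capture: one allowed AP, three foreign APs, one data frame.
SAMPLE_FRAMES = [
    make_beacon("02:00:00:00:00:01", b"admin-test"),
    make_beacon("02:00:00:00:00:55", b"linksys"),
    make_beacon("02:00:00:00:00:66", b"\x00" * 7),   # zero-filled SSID
    make_beacon("02:00:00:00:00:77", b""),           # zero-length SSID
    b"\x08" + make_beacon("02:00:00:00:00:88", b"x")[1:],  # data frame, ignored
]

if __name__ == "__main__":
    for bssid, ssid in find_foreign(SAMPLE_FRAMES).items():
        print(f"foreign AP {bssid} ssid={ssid}")
```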