Is there a best practice for monitoring and detecting foreign wireless devices?
Until we're comfortable with wireless security, our company has a "no wireless on site" policy (with the exception of Admin testing). Without connecting a wireless device to our hardwired network, is there a recommended means for continuous monitoring/detecting of "foreign" wireless devices brought on site by either employees or guests? (I won't rule out a standalone PC with a wireless card.)
Rogue wireless access points certainly present an interesting challenge for security professionals. The combination of ubiquitous network jacks and extremely inexpensive wireless hardware simply makes it too easy for an employee to set up his or her own "private" wireless network to do "what those IT guys won't handle."
If your company is of relatively limited size and it's practical to walk around every once in a while, you might want to use the RF scanning approach. There's a free product called NetStumbler available to assist you with this task.
There are also various products that claim to perform rogue access point detection from the wired network. I've never worked with any of these personally, but you might want to try looking at the WiSentry product. One of the biggest advantages of this approach is that you'll be able to detect activity from access points that don't broadcast their SSIDs. Tools like NetStumbler are unable to detect these sneaky APs.
This was first published in April 2006
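For the walk-around RF scanning approach described above, the following added example (not part of the original answer) triages survey results against an allow list of Admin test access points and reports where each unauthorized AP was heard loudest. The CSV layout, BSSIDs, SSIDs and location names are constructed for illustration and are not any scanner's native export format.

```python
import csv
import io
from collections import defaultdict

# Constructed walk-around survey data (hypothetical CSV layout): one row per
# access point sighting at a survey location.
SURVEY_CSV = """location,bssid,ssid,channel,signal_dbm
lobby,00:11:22:33:44:55,admin-test,6,-48
lobby,66:77:88:99:AA:BB,linksys,11,-81
eng-2f,66:77:88:99:aa:bb,linksys,11,-42
eng-2f,00:11:22:33:44:55,admin-test,6,-70
warehouse,CC:DD:EE:FF:00:11,guest-hotspot,1,-55
"""

# Assumption: BSSIDs of the access points Admin is permitted to test with.
AUTHORIZED_BSSIDS = {"00:11:22:33:44:55"}


def find_unauthorized(csv_text, authorized):
    """Return {bssid: summary} for every sighted AP not on the allow list."""
    allowed = {b.lower() for b in authorized}
    sightings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().lower()  # normalise case before comparing
        if bssid not in allowed:
            sightings[bssid].append(row)

    report = {}
    for bssid, rows in sightings.items():
        # Strongest signal (closest to 0 dBm) marks where to start looking.
        strongest = max(rows, key=lambda r: int(r["signal_dbm"]))
        report[bssid] = {
            "ssids": sorted({r["ssid"] for r in rows}),
            "seen_at": sorted({r["location"] for r in rows}),
            "strongest_at": strongest["location"],
            "strongest_dbm": int(strongest["signal_dbm"]),
        }
    return report


if __name__ == "__main__":
    found = find_unauthorized(SURVEY_CSV, AUTHORIZED_BSSIDS)
    for bssid, info in sorted(found.items()):
        print(bssid, info)
```

Under a "no wireless on site" policy every BSSID missing from the allow list is a finding, so the report is keyed on BSSID rather than SSID, which a user can set to anything.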