Device Configuration : Protect : Wireless : Rogue AP Scan
Rogue AP Scan
A Rogue Access Point (AP) is any Wi-Fi access point connected to your network without authorization. It can be a setup used by an attacker for the purpose of sniffing wireless network traffic and can be used to conduct a man-in-the-middle attack. It allows anyone with a Wi-Fi-equipped device to connect to your corporate network, leaving your IT assets wide open for the casual snooper or criminal hacker.
Device can alleviate this by recognizing rogue access points potentially attempting to gain access to your network.
Click Schedule system-triggered scan to enable a schedule to scan and discover authorized APs and rogue APs. You can select from the pre-defined schedules or create a custom schedule from Configure > System > Profiles > Schedule .
Discover Access Points
To increase the security capabilities and identify the unauthorized APs, Sophos Wireless Devices provides scanning capability by which nearby APs can be discovered and administrator can take countermeasures against the most common types of illicit wireless activity.
To manually scan for the automatic discovery of APs, click “Scan Now”.
All the discovered Access Points detected are regarded as unrecognized until they are identified as authorized or rogue for operation. To authorize an access point, click the icon against the AP to be marked as authorized in the Unrecognized AP table. To mark an access point as rogue, click the icon against the AP to be marked as rogue in the Unrecognized AP table.
If you are scanning for the first time after enabling Wireless LAN, all the discovered APs will be listed in Unrecognized Access Points table. Scanning result is displayed in the form of 3 tables:
Unrecognized Access Points table
Table lists all the discovered nearby APs and displays following information:
Channel
The radio channel used by the access point.
BSSID
The MAC Address of the radio interface of the detected access point.
SSID
The radio SSID of the access point.
Signal Strength
The strength of the detected radio signal
Security Mode
Mode for encrypting the wireless traffic
Wireless Mode
Wireless protocol
Action
Click the icon to mark the AP as authorized AP and move in the Authorized AP table. Click the icon to mark the AP as Rogue AP and move to the Rogue AP table.
Rogue Access Points table
Table lists all the APs marked as “Rogue” and displays following information:
Channel
The radio channel used by the access point.
BSSID
The MAC Address of the radio interface of the detected access point.
SSID
The radio SSID of the access point.
Signal Strength
The strength of the detected radio signal
Security Mode
Mode for encrypting the wireless traffic
Wireless Mode
Wireless protocol
Action
Click the icon to mark the AP as authorized AP and move in the Authorized AP table. Click the icon to mark the AP as unrecognized AP and move to the Unrecognized AP table.
Authorized Access Points table
Table lists all the APs marked as “Authorized” and displays following information:
Channel
The radio channel used by the access point.
BSSID
The MAC Address of the radio interface of the detected access point.
SSID
The radio SSID of the access point.
Signal Strength
The strength of the detected radio signal
Security Mode
Mode for encrypting the wireless traffic
Wireless Mode
Wireless protocol
Action
Click the icon to mark the AP as unrecognized AP and move to the Unrecognized AP table. Click the icon to mark the AP as Rogue AP and move to the Rogue AP table.