Rogue Ap Detection - ZyXEL Communications NXC5200 User Manual

Chapter 5 Tutorials

5.4 Rogue AP Detection

Rogue APs are wireless access points interacting with the network managed by the
NXC but which are not under the control of the network administrator. In short,
they are a security risk because they circumvent network security policy. AP
detection only works when at least 1 AP is configured for Monitor mode.
The following are some suggestions on monitor AP placement:
• Neighboring companies that both support wireless network. If you can detect
your neighbor's APs and you know they are 'friendly', you can add them to the
friendly exception list.
• Reception areas. If a reception area has a high volume of visitor traffic, it might
be useful to see if anyone is setting up their wireless device as an AP.
• High security areas. An AP set to Monitor mode will let you see if anyone sets up
an unauthorized AP that could potentially compromise your security.
In this example, an employee illicitly connects his own AP (RG) to the network
that the NXC manages. While not necessarily a malicious act, it can nonetheless
have severe security consequences on the network.
Figure 22 Rogue AP Example A
92
NXC5200 User's Guide