A rogue AP is an AP or wireless router that has either been:
- Connected to a corporate network without explicit authorization and against corporate policy. Anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to secure network resources.
- Connected or enabled by an attacker to capture client data such as the MAC addresses of clients (both wireless and wired), to capture and disguise data packets, to gain access to network resources, or to launch a man-in-the-middle attack.
Another consideration is how easy it is to create a personal network hotspot. For example, a user with secure network access enables their authorized Windows host to become a Wi-Fi AP. Doing so circumvents the security measures, and other unauthorized devices can now reach network resources through the shared host.
To prevent the installation of rogue APs, organizations must use monitoring software to actively monitor the radio spectrum for unauthorized APs. For example, the sample Cisco Prime Infrastructure network management software screenshot in the figure displays an RF map that identifies the location of a detected intruder using a spoofed MAC address.
Note: Cisco Prime is network management software that works with other management software to provide a common look and central location for all network information. It is usually deployed in very large organizations.
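As an added example (not from the course text and not Cisco Prime's own logic), the kind of classification such a monitor applies to each beacon it hears: the authorized-AP inventory, the corporate SSID list, the wired MAC list and the adjacent-MAC heuristic are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Set

# Constructed inventory of authorized APs keyed by BSSID (assumption: the
# management system exports something equivalent for the monitor to use).
AUTHORIZED_APS = {
    "00:11:22:aa:bb:01": {"ssid": "CorpNet", "channel": 6},
    "00:11:22:aa:bb:02": {"ssid": "CorpNet", "channel": 11},
}
CORPORATE_SSIDS = {"CorpNet"}


@dataclass(frozen=True)
class Observation:
    bssid: str      # MAC address the beacon was sent from
    ssid: str       # network name being advertised
    channel: int


def wired_side_match(bssid: str, wired_macs: Set[str]) -> bool:
    """Heuristic (assumption, not a vendor rule): consumer routers commonly use
    adjacent MAC addresses for the radio and the wired uplink, so a MAC within
    +/-1 of the BSSID in the switch tables suggests the AP is on our LAN."""
    base = int(bssid.replace(":", ""), 16)
    return any(abs(int(m.replace(":", ""), 16) - base) <= 1 for m in wired_macs)


def classify(obs: Observation, wired_macs: Set[str]) -> str:
    bssid = obs.bssid.lower()
    known = AUTHORIZED_APS.get(bssid)
    if known:
        if known["ssid"] == obs.ssid and known["channel"] == obs.channel:
            return "authorized"
        # An authorized BSSID heard with the wrong SSID or channel is the
        # "intruder with a spoofed MAC address" case shown on the RF map.
        return "spoofed-mac"
    if obs.ssid in CORPORATE_SSIDS:
        return "evil-twin"          # unknown radio impersonating our SSID
    if wired_side_match(bssid, wired_macs):
        return "rogue-on-lan"       # unknown AP whose uplink is on our switches
    return "unknown-neighbor"       # likely a nearby business; keep watching


def scan_report(observations: Iterable[Observation],
                wired_macs: Set[str]) -> Dict[str, str]:
    """Map each observed BSSID to its classification."""
    return {o.bssid: classify(o, wired_macs) for o in observations}


# Constructed scan results and constructed wired-side MAC table.
SAMPLE_SCAN = [
    Observation("00:11:22:aa:bb:01", "CorpNet", 6),      # genuine AP
    Observation("00:11:22:aa:bb:02", "CorpNet", 1),      # right BSSID, wrong channel
    Observation("66:77:88:99:aa:bb", "CorpNet", 6),      # unknown radio, corporate SSID
    Observation("c0:ff:ee:00:00:11", "linksys", 11),     # unknown, uplink seen on LAN
    Observation("de:ad:be:ef:00:01", "CoffeeShop", 3),   # neighbor
]
SAMPLE_WIRED_MACS = {"c0:ff:ee:00:00:10", "00:11:22:aa:bb:ff"}
```

Running `scan_report(SAMPLE_SCAN, SAMPLE_WIRED_MACS)` yields one verdict per BSSID; only "spoofed-mac", "evil-twin" and "rogue-on-lan" warrant an alert.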