Rogue Access Points and Evil Twins – CompTIA Security+ SY0-401: 3.4

| September 10, 2014


One rogue access point can create a significant security issue. In this video, you’ll learn about rogue access points, evil twins, and how to protect yourself from these security concerns.

<< Previous Video: The Effectiveness of Social EngineeringNext: Wireless Interference >>


A rogue access point is, quite simply, an access point that’s been added to your network without your knowledge, you no idea it’s there. This is obviously something that can create a very significant backdoor. If you don’t know an access point’s there, then you certainly aren’t managing it, you don’t know if any type of security has been configured on it, and you have no idea who might be connecting to your network through this wireless connection. So there’s some really, really huge security concerns associated with the rogue access point. The problem is that it’s so easy to plug-in an access point into a traditional network. If you’re not doing any type of network access control protocols on your network, then it’s very easy, not just for workstations, but for things like additional access points to be plugged in to any network connections. Somebody can walk into their cube, plug-in this access point, and now they’re on the network with this access point.

One of the things that’s also a bit of a challenge is now the latest operating systems also allow you to click a few buttons and perform network sharing using existing wireless connections. You can then plug into a wired connection and have your computer become the access point. The wireless card in your computer is now its own broadcasting access device. This is very great when you’re on the road and you like to share that connection, not so great when you are in your corporate or organization’s environment and you want to be sure that nobody can connect to the network who should not be on the network.

Obviously, to be able to combat this you either have to have some type of network access control in place or you may have to occasionally grab a wireless access point device– something that can survey the area– start walking around. See if you can find access points on your network that you have no idea are really there. There are lot of great tools to do this. There are commercial tools and, of course, tools that you can get for free from the internet that would allow you to see what’s happening in your wireless network, as well.

If you have the flexibility of enabling network access control, which are these 802.1X type protocols, then you’re requiring that people authenticate to the network every time they plug-in a device, whether they’re plugging in and connecting via a wireless network or through a wired network. Now this won’t necessarily prevent people from plugging in an access point, but what it will do is require that people who are connecting to that access point authenticate through the methods that you have in place. So even if they were to some way connected physically to the network, they would still be prevented from doing anything in your environment.

When the bad guys are putting together a rogue access point it’s for much more nefarious means. They really want access to your network. Or they want access to what people are putting through the network. And that’s where a wireless evil twin comes into play. Very simple to do this. You grab an access point, you purchase one. In the United States you can get one for well under $100 these days. You have this access point, you plug it into the network, and you configure it exactly the same way as the existing network. This is why open access points that have no password associated with them can be such a security concern, because it’s very, very easy to duplicate an open wireless system. You simply put the same configurations in the evil twin– the same SSID information, the same security settings. If you do have access to the security settings, simply duplicate the security settings on the evil twin.

And once you’re ready to implement it, you put it into the network or position it in a place on the network so that it is the primary excess point. You generally do this by making sure that it is the one with the strongest signal for the end users to see and the machines will automatically see that stronger signal and decide to choose that access point. zit just makes sense. So normally you’re trying to get much more power out of your access point than the existing access point that’s on the network, or you make sure the evil twin is closer to the people that you would like to gather information from. And once you’re on the network, you’re able to see everything. It’s very, very easy to do this in a place where there are open Wi-Fi hotspots.

The challenge at this point is now you’re connected to the evil twin, all of the traffic going between you and the regular network is now going to flow through the evil twin. Which means anybody who has control over the evil twin can see everything going over that link. This obviously creates enormous security concerns and as we go through these videos we’ll talk about things that you can do on wireless networks to look for these things like the wireless evil twins and what you can do to protect your data in case you happen to be connected to one of these evil twin networks.

And one of the most useful functional ways to protect this is to encrypt your data. Even if it is over a wireless network that already has WPA encryption, you want to even add additional encryption by perhaps creating a VPN connection– a tunnel that is an encrypted connection between your machine and another device. Maybe you’re using HTTPS to your web servers, you’re logging on through an encrypted channel that goes between your workstation and the web server on the other side. Even if somebody had an evil twin on the network, they were monitoring the traffic flowing across that wireless network to the wired network, they would not have any idea what was inside of that traffic because you are protected. Your encrypting all of that traffic and even if they capture it, they can’t do very much with it.

Tags: , , , ,

Category: CompTIA Security+ SY0-401

Comments are closed.

X