Re: Wireless Network Rogue Access Points

[Brian Epstein <bepstein () IAS EDU>]

Hi Greg,

Any place on our campus where someone could plug in a rogue AP, we make
sure it would end up on the untrusted/BYOD network.  Any open port on
the untrusted or trusted network also requires some type of
registration, although it is admittedly a lightweight registration on
the untrusted side.

We have a policy that rogue access points are not allowed on our
network.  We found, over the years, that enforcing the policy is
difficult/time consuming.  In general, if there is interference or
something malicious going on, we focus on getting it taken down quicker.
 Otherwise, we ignore them (they are on the untrusted/BYOD network).

In the future, we are looking at utilizing SDNs to make it more
difficult to get a rogue onto the network to begin with.  I think this
will be more effective for us rather than trying to hunt down rogue APs.

Our monitoring is done via our Cisco APs, WLCs, and Prime infrastructure.

Thanks,
ep

On 5/9/19 1:05 PM, Perrotti, Gregory wrote:
> Good afternoon.
>
>  
>
> We are conducting an audit of our Wireless Network and one of the risk
> areas we are assessing is related to rogue access points.  We are
> interested to know if any of you allow rogue access points and if so,
> what type of monitoring is done to detect the rogue access points? 
>
>  
>
> Your feedback and input is appreciated.
>
>  
>
> Thank you,
>
>  
>
> Greg 
>
>  
>
>  
>
> *Gregory Perrotti, CISA*
>
> IT Audit Director
>
> The University of Connecticut and UConn Health
>
> Audit & Management Advisory Services
>
> 28 Professional Park
>
> Storrs, CT 06268
>
> Phone: (860) 486-9350 (UConn Storrs)
>
> Phone: (860) 679-4290 (UConn Health)
>
> Fax: (860) 486-4527
>
> Email: _gregory.perrotti () uconn edu <mailto:gregory.perrotti () uconn edu>_
>
> *REPORTLINE email:  *reportline () uconn edu <mailto:reportline () uconn edu>**
>
> *REPORTLINE phone: 1-888-685-2637*
>
>  
>
> *CONFIDENTIALITY NOTICE*/: If you have received this e-mail in error,
> please immediately notify the sender by e-mail at the address shown and
> delete all copies of this message. This e-mail transmission may contain
> information that is proprietary, privileged, confidential, or otherwise
> legally exempt from disclosure. If you are not the named addressee,
> please be aware that you are not authorized to open, read, print,
> retain, copy, or disseminate this message or any part of it. Thank you
> for your compliance./
>
>  



-- 
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Manager, Network and Security           Institute for Advanced Study
Key fingerprint = A6F3 9F5A 26C5 5847 79ED  C34C C0E5 244A 55CA 2B78

Attachment: signature.asc
Description: OpenPGP digital signature