Rogue Access Points Problematic

By Andrew Garcia  |  Posted 2008-03-18 Print this article Print

However, for now, the near-term security problems with 802.11n implementations will be a cream-and-clear amplified version of those that wireless administrators have been battling for years.

For instance, the problem of employees installing rogue access points could again become a bone of contention. It will be increasingly difficult to buy a laptop without an integrated 802.11n-capable network adapter during the next few years, so even if a company stalls on moving the infrastructure to 802.11n, enterprising users may instead decide to put their client connection to work by installing a cheap consumer-grade 802.11n access point on the corporate network.

In addition, with 802.11n's significantly improved range performance, network administrators will need to rethink the edges of their Wi-Fi deployment (or an 802.11n rogue for that matter). Whereas an older 802.11 a/b/g network may have extended usefully only to the middle of the parking lot, an 802.11n-enabled network may extend across the street and into another building. Leveraging a modern wireless privacy standard like WPA2 [Wi-Fi Protected Access 2] will therefore be an absolute must moving forward with 802.11n to keep out both the bandwidth leeches and those with more malicious intent.

With the standard still somewhat in a state of flux, and the 802.11n vulnerability landscape immature, wireless security and overlay vendors such as AirDefense, AirMagnet or AirTight have yet to formally announce plans and products for 802.11n. While this lack of availability may change in the next few months-perhaps around Interop time frame-I anticipate that the vendors' 802.11n functionality will be geared more toward performance analysis rather than security. The limited security functionality also will likely consist mostly of finding new-generation rogues and being able to sniff their payload, if it's unencrypted.

In the meantime, wireless LAN customers investigating 802.11n for the enterprise should talk to their preferred Wi-Fi access vendor to find out what kind 802.11n-oriented detections, alarms and analyses their products are capable of.

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel