Home > Wireless gadgets, Wireless security > How “soft APs” can create “soft spots” in your network security

How “soft APs” can create “soft spots” in your network security

November 13th, 2009

In several of my recent wireless scanning exercises, I have encountered soft APs much more often than before. In one case, it was an employee who returned from business trip who had used USB WiFi AP in hotel to share his Internet connection with fellow workers (well, they did not all want to pay $5 per hour, if they can get around by paying only once!) and did not care to remove it from laptop before connecting into enterprise network. In another case, it was an employee in no-WiFi organization who used to impress others by creating soft AP on his Window’s laptop for others to access. The moral of these stories is that the occurrence of rogue AP on the enterprise network in the form of soft AP has become more pronounced of late. I think the reasons behind this are the ease with which operating systems (notably Microsoft Windows) allow soft AP configuration on embedded WiFi interfaces as well as off-the-shelf availability of PCMCIA cards and USB sticks designed for soft AP operation. It is also worth noting that soft AP is also a perfect “solution” to put rogue AP on network evading wireside controls such as 802.1x, NACs and wireside-only rogue AP scanner.

So what is a soft AP? Soft access point (AP) is a laptop or other such wireless enabled device which performs traffic forwarding between its wired and wireless interfaces. If the wired interface of such device is connected into enterprise network, soft AP acts as rogue AP on the network. It can be accessed on the wireless side by unauthorized users who can then get bridged to wired enterprise network through the soft AP. Easiest way to create soft AP on Windows laptop is to enable bridging or ICS between its wired and wireless interfaces. Another easy way to create soft AP is to plug USB devices such as Windy31 in the laptop which then auto-configure rest of the things required for soft AP operation.

So it becomes imperative that protection from soft APs be an important consideration while evaluating WiFi security posture of enterprise networks.

Hemant Chaskar

Hemant Chaskar is Vice President for Technology and Innovation at AirTight. He oversees R&D, product strategy, and intellectual property.Hemant has more than 15 years of experience in the networking, wireless, and security industry and holds several patents in these areas.

Twitter 

Wireless gadgets, Wireless security , , , , ,

Comments

  1. January 5th, 2012 at 18:48 | #1

    These days it is even more easy to fire up soft AP because of the recent proliferation of smart phones and tablets. You can now easily turn on soft AP on Android or Apple device. You may think of running some kind of monitoring software on such devices to prevent this activity. But, all said and done, in practice it is difficult to expect end users to be compliant on their own and some kind of overlay monitoring will be essential to detect and “take out” such soft APs. @Thu Betteridge

  1. No trackbacks yet.

Your email address will not be published. Required fields are marked *