Wireless computing technologies provide untethered access to the Internet and other networks. One of the most critical technologies for wireless networking (or Wi-Fi) is the IEEE 802.11 family of protocols promulgated by the Institute of Electrical and Electronics Engineers. Currently, the protocols are widely adopted in wireless devices such as laptop computers, tablet computers, smart phones, and network appliances. Many networks with wireless devices use an access point (AP) with a radio and antenna as an interface between wireless devices and the backbone network, which is typically wired. Wireless devices can discover available APs within range of their radios by listening for beacons broadcast by APs, which include an identifier such as a basic service set identifier (BSSID). Wireless devices use the identifier in a probe request to initiate a connection to the identified AP.
One problem with networks for wireless devices is that unauthorized access points can be introduced to the system and advertise a connection point to wireless devices. Wireless devices may be unaware of which APs are authorized and unsuspectingly respond to a beacon. This situation creates a serious vulnerability for an entity because the unauthorized access point may then become privy to confidential information transferred to and from unsuspecting wireless devices, allowing data theft. Operators of unauthorized access points are not always devious. In one case, an employee adds an additional access point to an area with poor coverage, without realizing the consequences.
Furthermore, the unauthorized AP is not subject to policies and procedures promulgated by network administrators through access points. For example, undesirable wireless devices making prohibited data transfers, such as video downloads or chat sessions, can steal network bandwidth from other operations more critical to the entity.
In addition, because the AP is a wireless device, a network administrator's attempt to manually find and shut it down takes a great deal of time and effort. Directly ordering wireless devices is hampered by the fact that wireless stations generally communicate with one AP at a time, as selected by the wireless device. Moreover, those communications under the increasingly prevalent IEEE 802.11w take place over a secured channel between devices that have been authenticated and associated. Thus, a direct order is not possible from devices that, from the perspective of the wireless devices, are not trusted.
What is needed is a robust technique to disconnect the unauthenticated APs in view of these problems.
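The beacon-based discovery described above also gives a defender a passive check: compare the BSSID in each overheard beacon against the list of authorized APs. The following Python sketch is an added example, not part of the original text; the function names, MAC addresses and SSIDs are constructed, and frames are assumed to be raw 802.11 beacons without a radiotap header or FCS.

```python
import struct

BEACON_FC0 = 0x80   # frame-control byte 0: version 0, management type, beacon subtype
MAC_HDR_LEN = 24    # frame control, duration, addr1, addr2, addr3 (BSSID), seq control
FIXED_LEN = 12      # timestamp (8), beacon interval (2), capability info (2)

def parse_beacon(frame):
    """Return (bssid, ssid) for a raw beacon (no radiotap header or FCS), else None."""
    if len(frame) < MAC_HDR_LEN + FIXED_LEN or frame[0] != BEACON_FC0:
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    ssid, pos = None, MAC_HDR_LEN + FIXED_LEN
    while pos + 2 <= len(frame):              # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                             # truncated element: stop parsing
        if tag == 0:                          # element ID 0 carries the SSID
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    return bssid, ssid

def find_unauthorized(frames, authorized_bssids, protected_ssids):
    """List (bssid, ssid, reason) for beacons whose BSSID is not on the allowlist."""
    findings = []
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed is None or parsed[0] in authorized_bssids:
            continue
        bssid, ssid = parsed
        reason = "advertises-protected-ssid" if ssid in protected_ssids else "unlisted-bssid"
        findings.append((bssid, ssid, reason))
    return findings

def build_beacon(bssid, ssid):                # builds a constructed sample frame
    addr = bytes.fromhex(bssid.replace(":", ""))
    header = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + addr + addr + struct.pack("<H", 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0411)
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name + bytes([1, 1, 0x82])

# Constructed sample data: locally administered MACs and made-up SSIDs.
AUTHORIZED = {"02:00:00:00:00:01"}
PROTECTED = {"CorpNet"}
SAMPLE_FRAMES = [build_beacon("02:00:00:00:00:01", "CorpNet"),
                 build_beacon("02:00:00:00:00:99", "CorpNet"),
                 build_beacon("02:00:00:00:00:55", "CoffeeShop"),
                 b"\x40\x00" + bytes(40)]     # probe request, not a beacon
print(find_unauthorized(SAMPLE_FRAMES, AUTHORIZED, PROTECTED))
```

An unlisted BSSID advertising a protected SSID is the urgent finding, while other unlisted BSSIDs may simply be neighbouring networks. The BSSID in a beacon is not authenticated, so an allowlist match is a first-pass filter rather than proof that an AP is authorized.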