As the world moves further into the mobile information age, the need to securely connect to wireless communication networks, which are the access networks to the Internet infrastructure, is increasing dramatically. More and more customers like to shop online, pay bills, and even manage their bank accounts using free, convenient public Wi-Fi. Public locations, such as stores and airports, make Wi-Fi available for customers and other members of the public as a matter of course.
However, the current wireless media environment is not secure enough for sensitive information such as passwords. An attacker can easily set up Rogue Access Points (APs) to take advantage of public Wi-Fi. Rogue APs are critical threats to the information infrastructure. Once a user's device connects to a Rogue AP, the attacker can exploit the Rogue AP as a bridgehead to launch multi-stage attacks.
For example, the attacker can use Domain Name System (DNS) spoofing to redirect a user to a malicious website, and then download malware to that user's device. Such malware can include keyloggers that record the user's keystrokes. Attackers can steal cookies or authentication tokens from a user's browser. Man-in-the-Browser (MitB) attacks can modify an authentic login page to require the user to provide more identifying information, such as a social security number, which is then forwarded to the attacker. Man-in-the-Middle (MitM) attacks can capture sensitive data, such as passwords, in transit. MitM attacks may extend to a wired environment such as wired access networks (e.g., cable modems).
Traditional defense methods such as signature- and statistics-based intrusion detection and prevention systems are inadequate in defending against Rogue APs. There is an unmet need for a system capable of protecting against Rogue APs and conducting forensic reviews of attempted attacks to strengthen system protection.