A problem that is arising in communication networks, such as a wireless local area network, is the ease with which an unauthorized or unsecure access point can be added to the network. For example, an employee could add an unsecure access point to a corporate network without having authorization to do so. In this case, anyone in proximity to that “rogue” access point could access (i.e. snoop) the corporate network. In another example, a hacker could attempt to add an unsecured access point to a communication network for illicit purposes. Such unauthorized access points pose a security threat to the communication network to which they are attached.
One solution to this problem is for the network operator to use an intrusion detection technique to find unauthorized access points on the network. In effect, this technique uses existing access points, mobile devices or controllers in the communication network to scan all available frequencies of that communication network to detect the use of a frequency that has not been authorized. However, the use of this technique reduces the available bandwidth for authorized users of the network, and can actually detect access points on other neighboring networks, which do not pose a threat. Alternatively, an intrusion testing device, such as a separate sensor or detector, can be added to the communication network to check the network frequencies, but this adds costs.
Another solution is for the communication network controller to compare the Media Access Control (MAC) address (or other identity such as a Basic Service Set Identifier, BSSID) of active access points on the communication network against a list of authorized access points stored in the controller. Any access points that do not have an identity that matches the list of authorized access points are then located to confirm their security status. However, this technique requires that the list be maintained at all times, which is a logistical problem.
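The list comparison described above can be sketched as follows. This is an added example, not part of the original text; the function names, record fields and sample addresses are assumptions constructed for illustration. It also reports authorized entries that were never observed, which is where the list-maintenance burden shows up in practice.

```python
import re

def normalize_mac(raw):
    """Return a 48-bit MAC/BSSID as lowercase colon-separated hex."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_access_points(observed, authorized):
    """Compare observed access points against the controller's authorized list.

    observed   -- iterable of dicts with a "bssid" key (hypothetical record shape)
    authorized -- iterable of MAC strings in any common notation
    """
    allow = {normalize_mac(m) for m in authorized}
    seen, malformed = {}, []
    for ap in observed:
        try:
            # Keep the first record per BSSID so duplicates do not inflate results.
            seen.setdefault(normalize_mac(ap["bssid"]), ap)
        except (KeyError, ValueError):
            malformed.append(ap)  # cannot be matched, so surface it for review
    return {
        # Active on the network but absent from the list: candidates to locate.
        "unauthorized": sorted(m for m in seen if m not in allow),
        # On the list but never seen: entries that may be out of date.
        "stale": sorted(allow - set(seen)),
        "malformed": malformed,
    }

# Constructed sample data (addresses from the RFC 7042 documentation range).
AUTHORIZED = ["00:00:5E:00:53:01", "00-00-5e-00-53-02", "0000.5e00.5303"]
OBSERVED = [
    {"bssid": "0000.5e00.5301", "ssid": "corp"},
    {"bssid": "00:00:5e:00:53:02", "ssid": "corp"},
    {"bssid": "00:00:5E:00:53:AA", "ssid": "corp"},  # not on the list
    {"bssid": "00:00:5e:00:53", "ssid": "guest"},    # truncated address
]

if __name__ == "__main__":
    report = audit_access_points(OBSERVED, AUTHORIZED)
    for category, items in report.items():
        print(category, items)
```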
Accordingly, there is a need for a technique to detect an unauthorized or rogue access point that is attached to a wireless communication network.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.