WLANmonitor enables you to detect so-called "rogue access points (APs)" and "rogue clients" in your network. WLAN devices that make unauthorized attempts at accessing a WLAN by posing as an access point or client are called rogues.
- Rogue clients are computers equipped with WLAN adapters that are located within the range of a WLAN and attempt to log on to one of the access points in order, for example, to use the Internet connection or gain access to secured areas on the network.
- Rogue APs are access points that, for example, a company's employees connect to the network without the knowledge or permission of the system administrators, thereby consciously or unconsciously making the network vulnerable to potential attackers via unsecured WLAN access. Not quite as dangerous, but disruptive all the same are access points that belong to third-party networks yet are within the range of the local WLAN. If such devices also use the same SSID and channel as the local AP (default settings), then local clients could attempt to log on to external networks.
Unidentified access points within the range of the local network frequently pose a possible threat and security gap. At the very least they are a disturbance, and so they need to be identified to decide whether further measures in securing the local network need to be introduced. Information about the clients within range of your network is automatically stored to an internal table in the access point. Once activated, background scans record neighboring access points and list them to the scan table. Also see the chapter Enabling background scans for access points.
WLANmonitor conveniently processes this information by dividing the access points and clients into categories such as 'Known', 'Unknown' or 'Rogue'.
