Wireless network intrusion prevention

An important part of security monitoring for a wireless network implementation is a wireless intrusion prevention system. A wireless network should be treated like any other network type, each of which is susceptible to attack and intrusion. What makes wireless networks unique is that they are not limited by a physical boundary and that wireless-specific protocols must be used. Attacks on a wireless infrastructure are specific to the implemented protocols and require a system that can detect and mitigate them. Wireless authentication and encryption are the primary attack vectors, but the wireless network infrastructure is a target as well.

It is common to have rogue access points in the airspace of the enterprise wireless deployment; determining the intent of a rogue access point is the purpose of a wireless intrusion prevention system. To be clear, a rogue access point, in the generic sense, is an access point in the same airspace as the enterprise wireless network that is not part of the enterprise implementation. A true rogue AP, additionally, is connected somewhere on the wired network of the enterprise. Simply detecting another access point within range of the wireless network does not necessarily make it a rogue access point. Being connected to the wired network, impersonating a legitimate access point in an attempt to harvest credentials, and being used to launch other attacks against the wireless deployment are characteristics that further define a rogue access point.

A wireless intrusion prevention system can not only detect attacks over the air but can also determine whether a rogue access point is connected to the wired network. Several wireless vendors build this capability into their solutions, allowing a standard AP to act as an intrusion detection device while the management system applies signal analysis to detect attacks. The solution should also be able to identify all access points within the wireless implementation and detect when an AP has been physically altered, replaced, or is simply not a valid member of the wireless network.
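
The classification described above can be sketched as follows. This is an added example, not code from the book or from any vendor product; the SSIDs, BSSIDs, wired MAC list and the adjacent-MAC heuristic used to infer a wired connection are all assumptions made for illustration.

```python
# Added example: classifies observed APs using the rogue-AP criteria in the text.
# All SSIDs, BSSIDs and MAC addresses are constructed sample data.
ENTERPRISE_SSIDS = {"CorpWiFi"}
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
# MACs learned on enterprise switch ports (e.g. exported from switch MAC tables).
WIRED_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "de:ad:be:ef:00:10"}

OBSERVED = [  # what a sensor AP heard over the air (constructed)
    {"ssid": "CorpWiFi", "bssid": "00:11:22:33:44:01"},
    {"ssid": "CoffeeShop", "bssid": "AA:BB:CC:00:00:01"},
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:02"},
    {"ssid": "linksys", "bssid": "de:ad:be:ef:00:11"},
]

def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def on_wired_network(bssid, wired_macs=WIRED_MACS, tolerance=1):
    """Assumed heuristic: a device's radio BSSID and its Ethernet MAC are
    often numerically adjacent, so a near match suggests a wired connection."""
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(m)) <= tolerance for m in wired_macs)

def classify(ap):
    """Return 'authorized', 'neighbor', or a '+'-joined list of rogue traits."""
    bssid = ap["bssid"].lower()
    if bssid in AUTHORIZED_BSSIDS:
        return "authorized"
    traits = []
    if on_wired_network(bssid):
        traits.append("wired-rogue")       # connected to the enterprise LAN
    if ap["ssid"] in ENTERPRISE_SSIDS:
        traits.append("impersonation")     # enterprise SSID from an unknown BSSID
    return "+".join(traits) if traits else "neighbor"

def classify_all(observations=OBSERVED):
    return {ap["bssid"].lower(): classify(ap) for ap in observations}

if __name__ == "__main__":
    for bssid, verdict in classify_all().items():
        print(f"{bssid}  {verdict}")
```

An access point that clones an authorized BSSID passes the inventory check, so logic like this complements, rather than replaces, the signal analysis performed by the management system.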

If the enterprise has a wireless implementation, a wireless intrusion prevention system should be implemented to protect it in the same way the wired network is protected. PCI DSS, which focuses on cardholder data environments, has worthwhile guidance on general security practices for properly securing the wireless environment. Detected attacks must generate alerts, and security staff should monitor those alerts to ensure a quick response to possible wireless network intrusions.
