Rogue Access Point
What is Rogue Access Point?
Rogue Access PointAn unauthorised wireless access point connected to a network, either installed maliciously by an attacker or naively by an employee, that bypasses network security controls.
A rogue AP is any Wi-Fi access point that operates on a network without proper authorisation. It may be installed by an attacker who has gained physical access (planting a small hidden AP to provide a backdoor) or by a well-meaning employee who plugs in a consumer router to improve Wi-Fi coverage. Either way it bypasses firewalls, 802.1X, segmentation, and DLP. Rogue APs are often used as platforms for evil-twin attacks. Defences include wireless intrusion detection/prevention (WIDS/WIPS) that scans the RF spectrum, NAC at the wired port, switch-port lockdown, regular site surveys, and clear acceptable-use policies forbidding personal networking gear.
● Examples
- 01
A pen-tester plants a small cellular-connected AP under a meeting-room table as a covert backdoor.
- 02
An employee installs a home Wi-Fi router in their cubicle to bypass corporate web filtering, exposing the LAN.
● Frequently asked questions
What is Rogue Access Point?
An unauthorised wireless access point connected to a network, either installed maliciously by an attacker or naively by an employee, that bypasses network security controls. It belongs to the Attacks & Threats category of cybersecurity.
What does Rogue Access Point mean?
An unauthorised wireless access point connected to a network, either installed maliciously by an attacker or naively by an employee, that bypasses network security controls.
How do you defend against Rogue Access Point?
Defences for Rogue Access Point typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Rogue Access Point?
Common alternative names include: Unauthorized AP.