Endpoint Security , Governance & Risk Management , IT Risk Management

Finding and Removing Rogue Wi-Fi Access Points

Tracie Thompson of HackHunter Says Access Points Can Be Tiny, Difficult to Locate
Tracie Thompson, CEO, HackHunter

A company's Wi-Fi network is an ever-present target for attackers, and the range of risks, particularly in an era of pervasive IoT, continues to grow.

See Also: Live Webinar | A Buyers' Guide: What to Consider When Assessing a CASB

IT security pros work to ensue unauthorized devices, including video cameras, small hacking tools and BYOD items, don't join the network.

Also a threat are so-called "evil twin" attacks, where an attacker creates an access point that masquerades as a real one in order to get victims to connect.

Regularly auditing corporate Wi-Fi is a best practice, says Tracie Thompson, CEO and co-founder of the Australian startup HackHunter. PCI-DSS requires regular Wi-Fi audits as well as the removal of unauthorized access points, she points out.

High-range routers can alert and log the presence of an unknown device, but that doesn't mean that those devices are going to be easy to find, she says. Rogue devices could be a small as a thumbnail and stuck in a ceiling or under a floor.

"The routers will tell you that something's there, but you can't actually find it using a router obviously because they're static," Thompson says.

In this video interview, Thompson discusses:

  • What threats enterprises face from rogue access points;
  • Why rogue access points are hard to find;
  • How physical audits could miss unauthorized access points.

Tracie Thompson is the CEO of the Australian startup HackHunter, which sells cybersecurity tools. She is also co-founder of Thompson Security, an information security consultancy.


About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.