Prevent unwanted computers from connecting to your wireless network
Topic: NETWORK INTRUSION DETECTION
Unwanted rogue machines on your network - You don't want rogue machines on your network: machines that try to fool other machines in all kinds of ways, most often to gather information about you and your company.
A rogue machine can be an unknown device that someone has connected to your network or a familiar computer that has been infected by malware. A rogue machine can be a wireless access point providing network services to outsiders, a computer acting as a DHCP server to reroute traffic to a rogue gateway, or a network sniffer that collects network device information to be used to attack specific network services.
A rogue Wifi AP (Access Point) extends your network, giving the surroundings an access point to your network. The unwanted AP may not be "rogue" itself but may provide access to computers that run rogue software.
A rogue DHCP server hands out IP-addresses and gateway addresses that reroute network traffic through a rogue gateway. The rogue gateway can then monitor all traffic to and from any computer that has obtained its address from the rogue DHCP server. Most often the rogue DHCP server reroutes to a rogue gateway that runs on the same computer as the rogue DHCP server. In this way, malware would consist of a DHCP server, a gateway and an information-gathering system that can be remotely controlled.
A rogue sniffer monitors network broadcast traffic and maps IP-addresses to MAC-addresses. A MAC-address can then be spoofed by ARP poisoning, and network traffic from the spoofed computer will be directed to a different computer that can act as a Man-In-The-Middle machine.
There is no obvious way of knowing what purpose a specific rogue machine (device or computer) has, and therefore no easy way of detecting rogue machines. You will need multiple ways to detect rogue machines on your network.
Suspicious behavior detection is by far the best way. This involves multiple sensing algorithms, and there are systems on the market that can do this.
Suspicious MAC-addresses on the network can be detected. This works against rogue devices that connect to the network. Some devices use MAC-address masquerading to hide behind a familiar MAC-address, but that can be detected by MAC-address hijack detection.
Wifi RF sensors that monitor the Wifi radio spectrum can detect when new unwanted Wifi devices are in the air, trying to connect to the network.
Quarantine computers that have been on public networks. Don't let computers connect to your network if they have been on a network not known to you. These computers may be infected by malware carrying rogue machine software.
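The MAC-address checks and the rogue DHCP and ARP-poisoning cases described above can be combined in one pass over sensor observations. The following is an added example, not code from this page or from LANeye; the inventory, the event format, the switch-port field and the alert names are all assumptions made for illustration.

```python
# Constructed inventory: MAC -> switch port where the machine is expected (assumption).
KNOWN_MACS = {
    "00:11:22:33:44:55": "sw1/3",   # office PC
    "00:11:22:33:44:66": "sw1/7",   # printer
    "00:11:22:33:44:01": "sw1/1",   # gateway and DHCP server
}
AUTHORIZED_DHCP = {"00:11:22:33:44:01"}

# Constructed observations, as a sensor might report them:
# (kind, source MAC, switch port, IP address claimed or offered)
EVENTS = [
    ("arp", "00:11:22:33:44:55", "sw1/3", "192.168.1.10"),
    ("arp", "00:11:22:33:44:01", "sw1/1", "192.168.1.1"),
    ("arp", "de:ad:be:ef:00:01", "sw1/9", "192.168.1.50"),          # unknown device
    ("dhcp_offer", "de:ad:be:ef:00:01", "sw1/9", "192.168.1.200"),  # unauthorized DHCP
    ("arp", "00:11:22:33:44:66", "sw1/9", "192.168.1.20"),          # printer MAC, wrong port
    ("arp", "de:ad:be:ef:00:01", "sw1/9", "192.168.1.1"),           # gateway IP re-claimed
]

def detect(events, known=KNOWN_MACS, dhcp_servers=AUTHORIZED_DHCP):
    """Return a de-duplicated list of (alert, mac, detail) for the observations."""
    alerts, ip_owner, reported = [], {}, set()

    def alert(name, mac, detail):
        if (name, mac, detail) not in reported:
            reported.add((name, mac, detail))
            alerts.append((name, mac, detail))

    for kind, mac, port, ip in events:
        mac = mac.lower()
        if mac not in known:
            alert("unknown_mac", mac, port)          # device not in the inventory
        elif known[mac] != port:
            alert("mac_hijack", mac, port)           # familiar MAC on an unexpected port
        if kind == "dhcp_offer" and mac not in dhcp_servers:
            alert("rogue_dhcp", mac, ip)             # address handed out by an unlisted server
        if kind == "arp":
            first = ip_owner.setdefault(ip, mac)     # remember the first MAC seen for this IP
            if first != mac:
                alert("arp_binding_changed", mac, ip)  # possible ARP poisoning
    return alerts

if __name__ == "__main__":
    for a in detect(EVENTS):
        print(*a)
```

A legitimate machine that moves ports or is replaced will also raise these alerts, so the inventory has to be kept current for the results to be useful.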
Use LANeye to detect and prevent rogue devices and unknown computers on your network.
You don't want unfamiliar devices on your network.