NIST 800-53 REV 5 • ACCESS CONTROL

AC-18(2) Monitoring Unauthorized Connections

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

Watch for unauthorized wireless access points (rogue APs). An employee plugging in a personal router or an attacker setting up a fake AP is a serious threat.

Example 1: Enable rogue AP detection on your wireless controller (for example, Cisco WLC or Aruba). The controller uses your managed APs as sensors to detect any unauthorized SSIDs. Configure it to alert your network team immediately and, optionally, to contain the rogue AP by deauthenticating clients connected to it.

Example 2: Conduct monthly wireless surveys using a tool like Ekahau or WiFi Analyzer. Walk the physical space looking for unknown SSIDs that were not detected by your controller. Include the parking lot and adjacent buildings. Document findings and investigate any unknown APs.
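
To turn the survey in Example 2 into documented findings, the sketch below (an added example, not part of the original notes) compares a survey export against the managed-AP inventory and separates fake APs using your SSID from unknown on-site APs and likely neighbors. The inventory, the CSV column names, the sample rows and the RSSI threshold are all constructed assumptions; adapt them to your survey tool's export.

```python
import csv
import io

# Constructed inventory of managed APs: BSSID -> SSID (assumption, not a real network).
AUTHORIZED = {
    "aa:bb:cc:00:00:01": "CorpWiFi",
    "aa:bb:cc:00:00:02": "CorpWiFi",
    "aa:bb:cc:00:00:03": "CorpGuest",
}

# Constructed survey export; column names are hypothetical, match them to your tool's CSV.
SURVEY_CSV = """bssid,ssid,channel,rssi_dbm,location
AA:BB:CC:00:00:01,CorpWiFi,36,-48,Floor 2 east
aa:bb:cc:00:00:03,CorpGuest,6,-55,Lobby
de:ad:be:00:00:10,CorpWiFi,11,-40,Parking lot
de:ad:be:00:00:22,NETGEAR-5G,44,-35,Floor 2 west
de:ad:be:00:00:30,CoffeeShop,1,-88,Lobby
"""

STRONG_RSSI = -70  # assumed threshold: a stronger signal is likely inside the premises


def classify(row, authorized=AUTHORIZED):
    """Return a finding label for one survey row, or None if it is a managed AP."""
    bssid = row["bssid"].strip().lower()  # normalise case before comparing
    ssid = row["ssid"].strip()
    rssi = int(row["rssi_dbm"])
    if authorized.get(bssid) == ssid:
        return None
    if bssid in authorized:
        return "ssid-mismatch"  # managed radio advertising an unexpected SSID
    if ssid in authorized.values():
        return "possible-fake-ap"  # our SSID from a radio we do not manage
    return "unknown-ap-onsite" if rssi >= STRONG_RSSI else "neighbor-likely"


def review_survey(csv_text, authorized=AUTHORIZED):
    """Return findings to document and investigate, strongest signal first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = classify(row, authorized)
        if label:
            findings.append({**row, "finding": label})
    return sorted(findings, key=lambda f: int(f["rssi_dbm"]), reverse=True)


if __name__ == "__main__":
    for f in review_survey(SURVEY_CSV):
        print(f"{f['finding']:18} {f['bssid']} {f['ssid']!r} {f['rssi_dbm']} dBm @ {f['location']}")
```

Matching on the BSSID and SSID pair, rather than SSID alone, is what surfaces a fake AP that copies a legitimate network name.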