How to Detect Rogue APs?


Even if you do not have a wireless network (WLAN), you need to watch out for Rogue APs on your LAN.

If you are responsible for provisioning, operating or managing a Wireless LAN (a WLAN), it is imperative that you proactively be on the lookout for Rogue APs and unauthorized wireless routers, bridges or repeaters that someone may have sneaked into (or into close proximity of) your wireless network.

Considering that a large majority of Rogue APs are found to be consumer-grade (cheap) unmanaged devices, they are particularly difficult to discover, especially if your own network is built using similar (cheap, unmanaged) networking devices. If your network has been properly designed (to be security-centric) and has been implemented using enterprise-grade (managed) networking hardware, detecting uninvited/rogue devices within your networking space is not very difficult.

We have listed below some of the ways of detecting Rogue APs within your LANs/WLANs:

  • Examine your Access/Error Logs: Assuming that you have a few layers of network access policies in place, and that you have enabled logging of access events (successful and failed), you would almost always see an abnormal entry in your access logs, especially in your error logs. If you do not want to go through those log files manually, or if you have several log files to deal with, consider using one of the many (desktop or hosted) Log File Analyzers. Almost all network security breaches (especially those involving Rogue APs) are preceded by suspicious log entries.
  • Take Periodic Inventory of Devices on Your LAN/WLAN: Most managed networking devices broadcast themselves on their wired/LAN interfaces. It is important, therefore, not only to accurately maintain a catalog of all devices connected to your LAN segments, but also to periodically compare it with your actual LAN topology. Unless you know the identities of the network devices that are authorized on your LAN/WLAN, there is no way you will be able to tell if a Rogue AP (or two) has latched onto your networking infrastructure.
  • Scan for Unknown APs & Radios: Considering that most consumer-grade (cheap, unmanaged) APs do not broadcast their presence on your LAN, you have to actively go looking for them from time to time.

    Search your facility using a sniffer software tool (such as AirSnort, NetStumbler, or another wireless radio-frequency usage mapping/scanning tool) to see if there are any "unknown" radio transmitters within your network or in close proximity to it.

    If you are using a scanner that is designed for the 802.11b (2.4GHz) wifi spectrum, you also need to scan the frequencies used by the other protocols (802.11a, 802.11g, etc.), such as the 5GHz or 5.8GHz channels.

  • Install Probes: Electronic devices designed to continually probe your network space for rogue APs are available. They continuously scan for unknown radio transmitters and alert you when they find one.
  • Use Managed APs that Support Rogue AP Detection: Some enterprise-class APs come with a management software application that provides Rogue AP Detection (RAD) right out of the box. Enable the RAD features, then monitor and review their reports.
  • Review Devices Connected to Various Switch Ports: Most managed switches provide a detailed log, including information on which devices were connected to a port and for how long. Of course, if you have unmanaged switches (or even hubs!) on your LAN, you will not have this all-important data. If your network design engineer (or your favorite nephew) has installed any of the above, you should seriously consider replacing them with managed switches. Most managed switches are not very expensive, and when you consider the value of those detailed logs and the ability to implement/monitor/enforce security at port-level granularity, they are priceless.
  • Suspect Every Device that has its Management Reporting Function Turned Off: An intruder is quite likely to turn off the management reporting function before attaching a rogue device to your LAN, thereby completely hiding it from your network management application.

    At times, you may also find that a non-reporting/unmanaged device is actually one of your own APs or switches that has had its management function accidentally turned off.

    However, a managed device poses no lesser threat if its network reporting functions are turned off, disabled, or misconfigured.

    As a matter of caution, therefore, you should treat every networking device that has its management function turned off as a potentially hostile/rogue device.

  • Consider All Unmanaged APs to be Rogue APs, unless they are proven otherwise: Considering that unmanaged (cheap, consumer-grade) APs are designed not to advertise themselves, they may remain completely unknown/transparent to your network administrators, even after several such parasitic/Rogue APs have managed to latch onto your private wired/wireless network. These kinds of dumb devices would not respond to you even if you were to send out (broadcast) a probe in an attempt to discover, locate, and identify them. It would be prudent, therefore, to treat all unmanaged devices as potentially rogue devices.
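
The inventory, scan, switch-port and management-reporting checks above all reduce to the same operation: compare what you actually observe against the list of devices you have authorized, and treat every unexplained device as rogue until proven otherwise. The script below is an added example (not the article's own code, and not the output format of any particular scanner or switch) that runs that comparison over constructed sample data: an authorized-AP inventory, a radio survey, and a switch MAC table. It flags unknown radios (an unknown BSSID advertising your own SSID most urgently), a survey that never looked at 5GHz, unknown MACs on switch ports, a port that has learned more than one MAC, and any inventory device whose management reporting is off. The field names and the `port mac` table layout are assumptions.

```python
"""Rogue AP triage: compare what was actually observed (a radio scan plus a
switch MAC table) against the authorized-device inventory and report every
device that cannot be explained.  Example code added alongside the article;
the inventory, scan rows and MAC-table text are constructed sample data, and
the field names are assumptions rather than any particular tool's output."""
from dataclasses import dataclass

# Authorized AP inventory (constructed): BSSID -> (SSID it may advertise,
# management reporting enabled?)
AUTHORIZED_APS = {
    "00:11:22:aa:bb:01": ("CorpWiFi", True),
    "00:11:22:aa:bb:02": ("CorpWiFi", True),
    "00:11:22:aa:bb:03": ("CorpWiFi", False),  # reporting accidentally off
}

# Every MAC that is allowed to appear on a switch port (constructed).
AUTHORIZED_WIRED_MACS = set(AUTHORIZED_APS) | {
    "00:11:22:cc:dd:10",  # file server
    "00:11:22:cc:dd:11",  # printer
}

# Output of a site survey, one row per radio seen (constructed sample).
RADIO_SCAN = [
    {"bssid": "00:11:22:aa:bb:01", "ssid": "CorpWiFi", "freq_mhz": 2437},
    {"bssid": "00:11:22:aa:bb:02", "ssid": "CorpWiFi", "freq_mhz": 5180},
    {"bssid": "a4:b5:c6:00:00:99", "ssid": "CorpWiFi", "freq_mhz": 2462},  # unknown radio, our SSID
    {"bssid": "a4:b5:c6:00:00:42", "ssid": "linksys", "freq_mhz": 2412},   # unknown consumer AP
]

# Switch MAC table dump, "port mac" per line (constructed sample).
SWITCH_MAC_TABLE = """\
Gi0/1  00:11:22:aa:bb:01
Gi0/2  00:11:22:aa:bb:02
Gi0/3  00:11:22:aa:bb:03
Gi0/7  00:11:22:cc:dd:10
Gi0/9  a4:b5:c6:00:00:42
Gi0/9  a4:b5:c6:00:00:99
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    subject: str   # MAC/BSSID, port or band the finding is about
    reason: str


def band_of(freq_mhz):
    """Map a center frequency to the band the scanner was covering."""
    if 2400 <= freq_mhz < 2500:
        return "2.4GHz"
    if 5150 <= freq_mhz < 5900:
        return "5GHz"
    return "other"


def parse_mac_table(text):
    """Return {port: [mac, ...]} from a 'port mac' per-line table."""
    ports = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            ports.setdefault(parts[0], []).append(parts[1].lower())
    return ports


def triage(scan, mac_table, authorized_aps, authorized_wired):
    findings = []
    known_ssids = {ssid for ssid, _ in authorized_aps.values()}

    # 1. Unknown radios. One advertising our own SSID is the most urgent case.
    for row in scan:
        bssid = row["bssid"].lower()
        if bssid in authorized_aps:
            continue
        if row["ssid"] in known_ssids:
            findings.append(Finding("high", bssid, f"unknown radio advertising our SSID {row['ssid']!r}"))
        else:
            findings.append(Finding("medium", bssid, f"unknown radio advertising {row['ssid']!r}"))

    # 2. Scan coverage: a 2.4GHz-only survey says nothing about 5GHz rogues.
    seen_bands = {band_of(row["freq_mhz"]) for row in scan}
    for band in ("2.4GHz", "5GHz"):
        if band not in seen_bands:
            findings.append(Finding("info", band, "no observations in this band; scan may be incomplete"))

    # 3. Wired side: every MAC on a port must be in inventory, and an access port
    #    learning several MACs suggests an AP or bridge plugged into it.
    for port, macs in parse_mac_table(mac_table).items():
        for mac in macs:
            if mac not in authorized_wired:
                findings.append(Finding("high", mac, f"unknown device on switch port {port}"))
        if len(macs) > 1:
            findings.append(Finding("medium", port, f"more than one MAC learned on port {port}; a bridge or AP may be behind it"))

    # 4. Inventory devices with management reporting off: treat as rogue until verified.
    for bssid, (_ssid, reporting) in authorized_aps.items():
        if not reporting:
            findings.append(Finding("medium", bssid, "management reporting is off; treat as rogue until verified"))
    return findings


if __name__ == "__main__":
    for f in triage(RADIO_SCAN, SWITCH_MAC_TABLE, AUTHORIZED_APS, AUTHORIZED_WIRED_MACS):
        print(f"[{f.severity}] {f.subject}: {f.reason}")
```

On the sample data the two unknown radios show up twice, once from the survey and once from port Gi0/9, which is exactly the cross-check the inventory bullet asks for: a rogue that is invisible on the wire may still be heard on the air, and vice versa. To use this against a real network, replace the three constructed inputs with your own inventory export, survey output and `show mac address-table` style dump, keeping the same simple shapes.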

Detecting Rogue APs even on a well-designed LAN/WLAN may be difficult, but who said maintaining a secure network was a spectator sport? You need to have the right (i.e. managed) networking hardware, a set of well-defined security policies, and an ongoing system monitoring and review schedule in place to continually be on the lookout for any parasitic/rogue devices that may have penetrated the boundaries of your network.