Rogue access points detection
for enhanced network security
What is a rogue access point?
A “Rogue AP” is a wireless access point that propagates the same SSID of another network, without explicit authorization from the network administrator. Through this hacking technique, the unfriendly access points can access your clients’ data, threatening your network’s security.
Although this is a somewhat rare occurrence, the Tanaza Rogue AP Detection feature helps you detect any unwanted/unfriendly APs in your network and secure it.
Why is this feature important?
An access point is able to “listen” and “speak” with clients’ devices through a wireless connection.
During the execution of the “Rogue access point” scan, the access point stops transmitting a signal and insteads listens for signals coming from other wireless networks. This way, it can detect other devices transmitting a Wi-Fi signal. The scan results in a list of all of the SSIDs within the Wi-Fi coverage of the selected AP.
The access point is able to check whether the AP transmitting an SSID is a Tanaza-powered AP, or not.
Once the scan is completed, the feature will provide you with 3 separate lists:
- Friendly APs: These are “the good guys”, consisting of access points with the Tanaza firmware installed.
- Rogue APs: These are “the bad guys”, non-tanaza flashed APs which broadcasts the same SSID as the Tanaza Powered AP currently scanning the network. A rogue AP can be thought of as an external, unwanted, hidden AP pretending to be a friendly AP.
- Beacons received during scan: This list includes every single SSID that the access point can see during its scan, regardless of whether or not it’s a friendly. This list includes all the external access points as well as those with Tanaza firmware installed.
Based on the image above, 0 Rogue APs have been detected. What is more, according to the received beacons during scan list in this image, we can deduce that the best channel to choose to get a stronger signal is Channel 1 and the worst channel is 11 because it is the most congested. Consider that the 3 non-overlapping channels are 1, 6 & 11.
In fact, detecting unwanted access points within a location is not the only purpose of this feature. This feature is also very useful to understand what other SSIDs are being broadcasted and which channels other devices are using.
For example, if multiple access points (Tanaza powered ones and 3rd party) are using the same channel or frequency, this can cost interference and result in a low quality connection. If this is the case, you can use this list to see which channels to avoid and which channel to switch to as it less crowded (less traffic). Learn more about how to pick the right channel.
How can I activate this?
If you have a Tanaza powered AP, activating the rogue AP feature is simple.
- Go to the Rogue AP tab on your Tanaza Account
- Enable it (it can only be enabled per AP)
- Click on Start Scan to scan your network
Click here for a more detailed instruction on How to use the Rogue AP detection feature.
Consider that the scan takes a couple of minutes and that, during the scan, Wi-Fi clients get disconnected and cannot re-connect.