Rogue Devices: Undetected Threats

One of the most overlooked yet significant threats to network security is rogue devices—unauthorized hardware or endpoints that connect to your network without your knowledge. These rogue devices can range from employee-owned laptops to external devices like printers, phones, or USB drives. Whether intentional or accidental, when these devices bypass your security protocols, they create gaps that hackers can exploit, putting your business at serious risk.

Rogue devices can behave much like Advanced Persistent Threats (APTs): if you do not have the correct tools in place to identify these types of devices, malicious entities can operate undetected within your environment indefinitely.

Uninvited Guests: Possible Entry Points

Rogue devices can connect to your network in a variety of ways, often without triggering immediate alerts. These devices might be personal laptops, smartphones, printers, or IoT devices brought in by employees or contractors, or devices operated by malicious actors. Devices might connect over Wi-Fi, by plugging into Ethernet ports, or even through a VPN.

The Unintentional Threat

The threat of rogue devices isn’t limited to malicious actors; it also includes devices owned by employees, which can pose a significant risk to your business. While employees may not intentionally compromise security, personal devices—such as smartphones, laptops, and tablets—often lack the same level of security controls as company-owned equipment. They may have outdated software, or may not be adequately protected from threats such as malware.

Case Study: Rogue Devices Connecting to Wi-Fi

A retail customer’s use of Pre-Shared Keys (PSKs) for their wireless network introduced several issues with rogue devices connecting to their network. While PSKs are easy to configure, they create a significant risk of unauthorized access. Two notable concerns are:

  1. The same PSK must typically be installed on every device that needs to connect to the Wi-Fi network, so this approach does not scale well when the password has to be changed.
  2. Wi-Fi passwords can often be viewed in clear text on devices that have connected to the Wi-Fi network in the past. This means that all mobile devices (e.g. laptops, phones, etc.) are carrying sensitive information (i.e. the wireless password) that could be used to compromise your network.

Compensating Controls

Organizations will try to account for the shortcomings of wireless PSKs by implementing MAC address filtering. A MAC address is a unique identifier tied to the network adapter of a device. The idea is that wireless access can be limited to devices with ‘authorized’ MAC addresses.

Unfortunately, because of the way wireless networks operate, it is very easy to view the MAC addresses of devices connecting to the wireless network. This can easily be done without being connected to the network. Once an attacker has identified this information, they can simply make the MAC address of their machine look like that of an authorized device (i.e. spoofing).
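Because MAC filtering only compares addresses, a defender needs extra signals to tell an enrolled device from a copy of its address. The following is an added example, not code from the original article or from any product it mentions. It compares each wireless session against a DHCP fingerprint recorded at enrollment and flags one MAC address that is active on two access points at once. The record layout, fingerprints, addresses and access point names are constructed assumptions.

```python
from collections import defaultdict

# Enrolled devices: MAC -> DHCP option 55 fingerprint recorded at enrollment
# (constructed values; this allowlist format is an assumption).
ALLOWLIST = {
    "3c:22:fb:10:aa:01": "1,3,6,15,119,252",    # store laptop
    "a4:83:e7:20:bb:02": "1,3,6,15,31,33,43",   # handheld scanner
}

# Constructed session records: (mac, ap, start_s, end_s, dhcp_fingerprint)
SESSIONS = [
    ("3c:22:fb:10:aa:01", "ap-front", 0, 3600, "1,3,6,15,119,252"),
    ("a4:83:e7:20:bb:02", "ap-stock", 100, 2000, "1,3,6,15,31,33,43"),
    ("3c:22:fb:10:aa:01", "ap-back", 900, 1500, "1,121,3,6,15,114,119"),
    ("de:ad:be:ef:00:99", "ap-front", 1200, 1300, "1,3,6,15"),
]

def mac_filter_allows(mac):
    """The decision MAC filtering makes on its own: address match only."""
    return mac.lower() in ALLOWLIST

def review_sessions(sessions, allowlist=ALLOWLIST):
    """Return (mac, ap, reason) findings; the last two reasons are invisible to a MAC filter."""
    findings = []
    seen = defaultdict(list)  # mac -> [(ap, start, end)] of earlier sessions
    for mac, ap, start, end, fingerprint in sessions:
        mac = mac.lower()
        if mac not in allowlist:
            findings.append((mac, ap, "not_enrolled"))
            continue
        # Same address, but the client does not behave like the enrolled device.
        if fingerprint != allowlist[mac]:
            findings.append((mac, ap, "fingerprint_mismatch"))
        # Same address in use on two access points during overlapping intervals.
        for other_ap, o_start, o_end in seen[mac]:
            if other_ap != ap and start < o_end and o_start < end:
                findings.append((mac, ap, "concurrent_use"))
                break
        seen[mac].append((ap, start, end))
    return findings

if __name__ == "__main__":
    for finding in review_sessions(SESSIONS):
        print(finding)
```

Roaming clients can produce brief overlaps between access points, so treat concurrent_use as a lead to investigate together with the fingerprint result.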

 

There are various stronger and more scalable authentication options available for wireless networks which customers should consider when implementing their wireless infrastructure.

If you’re concerned about rogue devices and want better visibility and control over what connects to your network, we can help. Our XploitGuardian service can detect unauthorized devices and enforce security policies to keep your network secure. Contact us today to take control of your network security!
