How AP Classification Protects Network Optimization - Wyebot

July 9, 2020

Access Points (APs) create wireless local area networks (WLANs) by connecting to wired networks and then projecting a WiFi signal into a designated area.  Large office spaces, warehouses, hospitals, schools, and many other facilities depend on APs to supply the WiFi connection needed by thousands of wireless devices.  If there are any problems with access points, the entire network can be disrupted.  Devices can lose their WiFi connection, productivity can drop, and security holes can appear.  This is why organizations must know the health and status of all APs – including whether or not certain APs are even supposed to be on the network.

AP Classification

Different AP Classification tools use different names to categorize access points, but the goal is always the same: determine which APs belong to an organization, which are friendly and belong to neighbors, and which are malicious and pose a security threat.

Your Access Points

Identifying your access points is a necessary step for network optimization.  No network can be fully optimized without complete visibility, and part of that visibility comes from identifying every device that is connected to the network, wired and wireless.  Classifying known APs enables IT to know the capabilities and network requirements of every AP.  With that information, teams can better identify when an AP is degrading or experiencing other issues, and determine how best to resolve the problem, whether through an upgrade, a replacement, or other means.

Additionally, telling a network which APs are authorized allows it to focus better on the possible threats posed by all unauthorized APs.

Friendly or Neighboring Access Points

There are a number of different ways that a neighboring AP can show up in your wireless ecosystem.  These APs can be anything from a hotspot in an employee’s car, to the access points of nearby homes or office buildings.  While not malicious, these unauthorized APs can still disrupt network operations – even if they aren’t connected to your organization’s network.  How?  

The wireless ecosystem is a shared medium, which means that neighboring access points can interfere with your own WiFi network, disrupting your end users' experience.  Classifying neighboring APs allows IT to identify when these devices are the root cause of interference.  At that point, IT teams can make the network changes necessary to resolve users' issues.  This wouldn't be possible with a system that only identified its own, network-connected access points.

In addition to potential interference, neighboring APs can also create a security issue by allowing users to connect to the internet and bypass the company’s content filter. Identifying the AP as “not mine” alerts IT to any potential threat, and gives them the data that they need to proactively address it.

Unauthorized Access Points

Unauthorized APs are any access points that do not have permission to operate within the business. They can be deployed by people inside your organization (employees or even students in schools) or by people outside your organization.  There can be a number of reasons why someone installs their own AP:

  • Students or employees connecting a hotspot for unrestricted network access
  • Employees trying to get faster WiFi
  • A malicious user who wants access to secure information or to interfere with network operations

Unauthorized APs can be standalone or connected to the wired network. In either case, they can also duplicate beacons transmitted by authorized APs to trick clients into connecting to the unauthorized AP.

Unauthorized APs that are connected to the wired network can undermine security in a number of ways.  Even non-malicious users, such as employees searching for a faster connection, have now connected something to the network that isn't as secure as it should be.  Whether they connect their own APs, or find these unsecured hotspots, hackers can:

  • Stage a DoS attack
  • Steal private information
  • Broadcast a fake SSID to attract other devices
  • And more

Once an analytics solution knows which APs are unauthorized, it can immediately and automatically alert IT when those APs are on the premises. IT can then take all necessary steps to remove the APs and secure network operations.
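The classification described above can be sketched as a small check of scan results against an inventory of authorized APs. This is an added example, not Wyebot's code: the inventory, the scan data, the on_wire flag and the rule that every other unknown AP counts as a neighbor are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed inventory: BSSID -> SSID that each authorized AP should broadcast.
AUTHORIZED = {
    "a4:5e:60:10:00:01": "CorpWiFi",
    "a4:5e:60:10:00:02": "CorpGuest",
}

@dataclass(frozen=True)
class Observation:
    bssid: str     # radio MAC address taken from the beacon
    ssid: str      # network name taken from the beacon
    on_wire: bool  # assumption: MAC also seen in the wired switch tables

def norm(mac: str) -> str:
    """Normalize MAC notation so 'A4-5E-...' and 'a4:5e:...' compare equal."""
    return mac.strip().lower().replace("-", ":")

def classify(obs: Observation, authorized=AUTHORIZED):
    """Return (category, reason) for one observed AP."""
    inventory = {norm(b): s for b, s in authorized.items()}
    bssid = norm(obs.bssid)
    if bssid in inventory:
        if obs.ssid == inventory[bssid]:
            return "authorized", "BSSID and SSID match the inventory"
        # Assumption: a known radio with an unexpected name needs investigation.
        return "unauthorized", "inventory BSSID broadcasting an unexpected SSID"
    if obs.ssid in inventory.values():
        return "unauthorized", "unknown BSSID duplicating an authorized SSID"
    if obs.on_wire:
        return "unauthorized", "unknown AP connected to the wired network"
    # Assumption: anything else is treated as a neighbor (possible interference).
    return "neighbor", "unknown AP, off the wire, not using our SSIDs"

def alerts(scan):
    """List the (bssid, reason) pairs IT should be alerted about."""
    results = ((norm(o.bssid), *classify(o)) for o in scan)
    return [(b, reason) for b, cat, reason in results if cat == "unauthorized"]

# Constructed scan results, not real captures.
SCAN = [
    Observation("A4-5E-60-10-00-01", "CorpWiFi", True),
    Observation("02:00:00:aa:bb:01", "CorpWiFi", False),
    Observation("02:00:00:aa:bb:02", "FastNet", True),
    Observation("02:00:00:aa:bb:03", "CoffeeShop", False),
]

if __name__ == "__main__":
    for bssid, reason in alerts(SCAN):
        print(f"ALERT {bssid}: {reason}")
```

A BSSID can itself be copied, so a match against the inventory is a starting point for classification rather than proof that the radio is yours.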

Network Optimization

WiFi networks are dynamic ecosystems.  IT must have complete visibility into network activity and constant monitoring of network performance in order to ensure that the network provides consistent and reliable service.  AP Classification is an important part of this optimization process because APs are such a vital part of the network.  Once all APs are classified, IT can take the necessary steps to defend against confirmed threats, proactively preventing issues from arising and affecting end-users.  Network security is enhanced, and network performance is protected.