Hi Kelvin,

That OEQ was rather good. I gave it some thought and scrolled through
the help of my WCS server, which in fact is very good and explains a lot of 
things.

It is a rogue AP, so it can't be a friendly based on that fact. Malicious is 
basically the same thing as a rogue. So they are probably looking for a 
classification of that rogue.

I first read through the classifications of rogues and didn't see a clear 
answer to that question,
but I'd like to share this info with everyone.

"Rogue Access Point Classification Types 
Rogue access point classification types include: 

Malicious: Detected but untrusted or unknown access points with a malicious 
intent within the system. They also refer to access points that fit the 
user-defined malicious rules or have been manually moved from the friendly 
access point classification. See "Malicious Rogue APs" for more information. 

Friendly: Known, acknowledged, or trusted access points. They also refer to 
access points that fit the user-defined friendly rogue access point rules. 
Friendly rogue access points cannot be contained. See "Friendly Rogue APs" for 
more information. For more information on configuring friendly access point 
rules, see "Configuring Friendly AP Controller Templates". 

Unclassified: Rogue access points that are not classified as either malicious or 
friendly. These access points can be contained and can be moved manually to the 
friendly rogue access point list. See for more information. See "Unclassified 
Rogue APs" for more information."

However, when I was reading this I just remembered that I have sometimes gotten 
this warning in WCS 
in real setups. "With Honey pot AP detected"

And this seems to be the best answer to this question. Do you guys agree?


"Honey Pot AP Detected 
Alarm Description and Possible Causes 
The addition of WLANs in the corporate environment introduces a whole new class 
of threats for network security. RF signals that penetrate walls and extend 
beyond intended boundaries can expose the network to unauthorized users. A 
rogue access point can put the entire corporate network at risk for outside 
penetration and attack. Not to understate the threat of the rogue access point, 
there are many other wireless security risks and intrusions such as 
mis-configured access points, unconfigured access points, and DoS 
(denial-of-service) attacks. 

One of the most effective attacks facing enterprise networks implementing 
wireless is the use of a "honey pot" access point. An intruder uses tools such 
as NetStumbler, Wellenreiter, and MiniStumbler to discover the SSID of the 
corporate access point. Then the intruder sets up an access point outside the 
building premises or, if possible, within the premises and broadcasts the 
discovered corporate SSID. An unsuspecting client then connects to this "honey 
pot" access point with a higher signal strength. When associated, the intruder 
performs attacks against the client station because traffic is diverted through 
the "honey pot" access point. 

wIPS Solution 
When a "honey pot" access point is identified and reported by the Cisco 
Adaptive Wireless IPS, the WLAN administrator may use the integrated 
over-the-air physical location capabilities, or trace device on the wired 
network using rogue location discovery protocol (RLDP) or switchport tracing to 
find the rogue device."

regards. Kristjan
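
The honey pot condition in the help text quoted above (a radio that is not one of ours broadcasting the corporate SSID, possibly at a higher signal strength), written out next to the friendly and unclassified cases. This is an added example, not part of the original thread and not Cisco WCS or wIPS code; the inventory, SSIDs, BSSIDs, function names and the choice to test the SSID before the friendly list are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    bssid: str      # radio MAC seen over the air
    ssid: str
    rssi_dbm: int

# Constructed inventory and scan data (assumptions, not values from the thread).
MANAGED_SSIDS = {"corp-wlan"}
MANAGED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
FRIENDLY_BSSIDS = {"66:77:88:99:aa:01"}
SAMPLE_SCAN = [
    Beacon("00:11:22:33:44:01", "corp-wlan", -60),
    Beacon("00-11-22-33-44-02", "corp-wlan", -72),
    Beacon("de:ad:be:ef:00:01", "corp-wlan", -48),
    Beacon("de:ad:be:ef:00:02", "Corp-WLAN ", -80),
    Beacon("66:77:88:99:AA:01", "cafe-guest", -70),
    Beacon("12:34:56:78:9a:bc", "printer-setup", -65),
]

def norm_mac(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")

def norm_ssid(ssid: str) -> str:
    # Fold case and surrounding whitespace so look-alike names still match.
    return ssid.strip().casefold()

def classify(b: Beacon) -> str:
    bssid = norm_mac(b.bssid)
    if bssid in MANAGED_BSSIDS:
        return "managed"
    # Tested before the friendly list: a trusted SSID from a radio we do not
    # manage is a honey pot even if that radio was acknowledged earlier.
    if norm_ssid(b.ssid) in MANAGED_SSIDS:
        return "honeypot"
    return "friendly" if bssid in FRIENDLY_BSSIDS else "unclassified"

def honeypot_alarms(scan: list[Beacon]) -> list[dict]:
    """One alarm per honey pot beacon, strongest signal first."""
    managed = [b for b in scan if classify(b) == "managed"]
    alarms = []
    for b in (x for x in scan if classify(x) == "honeypot"):
        same = [m.rssi_dbm for m in managed if norm_ssid(m.ssid) == norm_ssid(b.ssid)]
        # Clients pick the stronger signal, so a louder rogue is the urgent case.
        alarms.append({"bssid": norm_mac(b.bssid), "rssi_dbm": b.rssi_dbm,
                       "louder_than_managed": not same or b.rssi_dbm > max(same)})
    return sorted(alarms, key=lambda a: a["rssi_dbm"], reverse=True)
```

A rogue that also clones a managed BSSID passes the first check, so this rule covers only the trusted-SSID-from-unknown-radio case.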




----------------------------------------------------------------------

Message: 1
Date: Fri, 15 Oct 2010 08:24:00 +0200
From: Kelvin Dam <[email protected]>
To: Stalder Dominic <[email protected]>,
        [email protected]
Subject: Re: [CCIE Wireless] OEQ Answers (second)
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="windows-1252"

First question in that doc:

*A rogue access point broadcasting a trusted SSID is called what?

They are called "Trusted APs" or "Friendly APs".*

Is wrong I believe... A Rogue broadcasting a trusted SSID is an Evil Twin to
the best of my knowledge?

Kelvin


2010/10/13 Stalder Dominic <[email protected]>

> And here with the small answer list ;-)
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>


-- 
Kelvin Dam