Wireless Intrusion Prevention Systems (WIPS) offer the ability to shut down dangerous or “rogue” Wi-Fi access points and clients. This is normally used to block the fake access points (APs) and client attack tools that hackers use to steal people’s personal data. But, many WIPS misclassify legitimate APs as dangerous and block them because their classification methods are prone to false positives and negatives. Not only is this annoying for customers or neighbors, but because the FCC has banned manufacturers from creating Wi-Fi devices that interfere with other Wi-Fi devices, it can be costly too.
For example, in 2014, Marriott was fined $600,000 after blocking consumer Wi-Fi networks (like phone hotspots) during an event at one of their hotel and conference centers. This led to more fines for other event organizers and hospitality companies in a “crackdown” over the next few years. In 2015, Wi-Fi service provider M.C. Dean was fined a record $718,000 for blocking Wi-Fi routers at a Baltimore convention center. Network World investigated the Wi-Fi blocking issue and found more than 50 complaints resulted in nearly $2.1 million in total fines.
The unfortunate result of all this is that many organizations have abandoned some of their WIPS security features in fear of blocking innocent APs and being fined by the FCC. WIPS usually offer an auto-block feature that’s a useful time-saver for overwhelmed security and network engineers. But, if the WIPS cannot identify the difference between a rogue AP and a device’s hotspot (or the router in the café next door) with a low margin of error, turning on auto-blocking could result in fines. Too many false positives also encourage engineers to ignore or turn off alerts, and investigating each one manually is not a realistic option for most organizations.
Fortunately, WatchGuard has solved this problem with our latest Wi-Fi Cloud WIPS/Wi-Fi Management platform. Our Marker Packet technology included in our new cloud-ready APs injects special packets into your wired network. These packets are then relayed to the wireless side by APs connected to the monitored wired network and are used to verify that any other AP or device in range is part of that network. Wi-Fi Cloud automatically classifies wireless devices as Authorized, Rogue or External with an extremely low false positive rate, so users can let the system automatically shut down unauthorized APs without illegally interfering with the neighbors. Click here to see how this works.
Dependable AP auto-classification is the key to reliable WIPS, which can eliminate FCC fines and ensure precision rogue detection. WatchGuard is the only provider that offers this level of performance and reliability.