About Wireless Network Threats

The most common Wi-Fi threats to your wireless network include:

  • Unauthorized Wi-Fi on the enterprise LAN — This includes unauthorized rogue APs and rogue clients on your network.
  • Poorly secured enterprise Wi-Fi — Your network is vulnerable to attack through insecure or misconfigured APs.
  • Employees bypassing enterprise security — Employees can introduce threats with unauthorized mobile hotspots or connections to Honeypot/Evil Twin APs and APs external to your network.


Diagram of common Wi-Fi attack scenarios

WatchGuard Wi-Fi Cloud WIPS can detect and prevent these types of wireless threats:

Diagram of common Wi-Fi attacks

Over-the-Wire Threats

  • Rogue AP — Unauthorized APs connected to your network that your clients connect to instead of your Authorized APs. A rogue access point can be an unauthorized AP connected to your network by someone inside your organization without consent. These access points are security risks to your wireless and wired networks if they do not have proper security features enabled. A rogue access point can also be an AP external to your wireless network that is within your network range.
  • Client Misassociation — Authorized clients on your network that associate to external neighborhood APs.
  • Misconfigured AP — APs connected to your network with a configuration that does not conform to your Authorized WLAN Policy.
  • Banned Device — In the Banned Device list, you can define the MAC addresses of wireless devices and clients that are blocked from connecting to your wireless network. For example, you can enter MAC addresses that belong to laptops of employees who are no longer with the organization.
  • Unauthorized Association — Unauthorized clients that connect to your Authorized APs. An attacker can gain access to your network through Authorized APs if the security is weak. Unauthorized or uncategorized client connections to an Authorized AP using a Guest SSID are not treated as unauthorized associations.
  • AP MAC Spoofing — An AP that spoofs the wireless MAC address of an Authorized AP. An attacker can launch an attack through an AP masquerading as a legitimate AP.

Over-the-Air Threats

  • Honeypot/Evil Twin AP — These are rogue APs from nearby networks that broadcast the same SSID as an Authorized AP to appear as a legitimate AP on your network. Clients may connect to these Honeypot or Evil Twin APs and transmit sensitive data over them.
  • Denial of Service (DoS) Attack — DoS attacks degrade and disrupt the performance of your wireless network.
  • Rogue Client — Rogue clients are unauthorized clients that connect to your wireless network.
  • Ad hoc Connection — An ad hoc connection is a peer-to-peer connection between clients. Corporate data on an authorized client is vulnerable if it is communicated to an unauthorized client in an ad hoc connection.
  • ICS (Internet Connection Sharing) / Bridging Client — A client that has bridged its wired and wireless adapters to allow unauthorized Wi-Fi access.
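
The following is an added example, not WatchGuard code and not how Wi-Fi Cloud WIPS is implemented. It shows how the AP and client categories above can be applied to sensor observations, including the Guest SSID exception for Unauthorized Association. The inventory, SSIDs, MAC addresses, the `on_wire` input and the rule that an Authorized AP MAC seen off the LAN indicates spoofing are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy; every MAC address and SSID below is hypothetical.
AUTHORIZED_APS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}  # AP wireless MACs
AUTHORIZED_CLIENTS = {"02:00:00:00:10:01"}
BANNED_DEVICES = {"02:00:00:00:99:01"}
WLAN_POLICY = {"CorpNet": "WPA2-Enterprise", "CorpGuest": "Open"}  # SSID -> security
GUEST_SSIDS = {"CorpGuest"}

@dataclass(frozen=True)
class AP:
    bssid: str      # wireless MAC seen over the air
    ssid: str
    security: str
    on_wire: bool   # assumed sensor input: AP was traced to the enterprise LAN

def classify_ap(ap: AP) -> str:
    """Map one observed AP to a category from the threat list."""
    if ap.bssid.lower() in AUTHORIZED_APS:
        if not ap.on_wire:
            # Simplifying assumption: an Authorized MAC that is not on the LAN
            # is another radio masquerading as the legitimate AP.
            return "AP MAC Spoofing"
        if WLAN_POLICY.get(ap.ssid) != ap.security:
            return "Misconfigured AP"   # violates the Authorized WLAN Policy
        return "Authorized AP"
    if ap.on_wire:
        return "Rogue AP"               # unknown AP attached to the network
    if ap.ssid in WLAN_POLICY:
        return "Honeypot/Evil Twin AP"  # external AP advertising our SSID
    return "External AP"

def classify_association(client_mac: str, ap: AP) -> str:
    """Classify a client-to-AP association using the AP's category."""
    client, ap_class = client_mac.lower(), classify_ap(ap)
    if client in BANNED_DEVICES:
        return "Banned Device"
    if client in AUTHORIZED_CLIENTS:
        if ap_class in ("External AP", "Honeypot/Evil Twin AP"):
            return "Client Misassociation"
        return "Authorized" if ap_class == "Authorized AP" else f"Authorized client on {ap_class}"
    if ap_class == "Authorized AP":
        # Guest SSID connections are not treated as unauthorized associations.
        return "Guest association (allowed)" if ap.ssid in GUEST_SSIDS else "Unauthorized Association"
    return "Not an enterprise association"
```
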