Using Nessus to Detect Wireless Access Points
The detection of wireless access points (WAPs) has become a major source of activity for many enterprise security groups. Conducting physical inspections of each campus location with handheld, laptop computers or even dedicated "wireless monitors" to find unauthorized access points is time consuming. Fortunately, these efforts may be enhanced through detection of WAPs with the Nessus vulnerability scanner.
This paper will discuss the techniques used by Nessus to efficiently scan for wireless access points. It will also highlight some of the advantages and disadvantages of scanning with Nessus as compared to manual physical audits. Recommendations for writing signatures to detect new types of WAPs will also be covered.
This paper assumes that the reader is familiar with the Nessus vulnerability scanner operating and basic wireless technology. Unless specifically stated, the WAPs that support the 802.11b protocol are assumed.