What is a Rogue Access Point?
A Rogue Access Point is an access point that is installed on the network without authorization. This could be an employee that didn't go through the proper channels, but it could also be an intruder or a disgruntled employee with malicious intent. Unlike an Evil Twin that may only copy network details down to the SSID and password, a Rogue Access Point actually gives access to the network. After an attacker has installed a Rogue Access Point they now have the opportunity to attack remotely from within the network. There are tools that can make it very easy for an attacker to plug a malicious access point into your network in only a few minutes.
How to Spot a Rogue Access Point
Rogue Access points can be detected with the use of a walking audit. Discover all of the access points that are connected to the network and check that they are authorized and legitimate access points. Another option is to install a device like SONAR that constantly monitors the Wi-Fi and alerts on potential threats.