Cease and desist

A rogue, according to the Oxford dictionary, is a person who is dishonest and unprincipled.

In the wireless industry, Rogue Access Points (APs) are unauthorised wireless devices that are either connected to your internal network infrastructure (this is the part where you go white) or are performing some malicious activity against your network.

Since a rogue is a security threat to the business, how do we find them?  And if we find them, how do we stop them?

Enter the Wireless Intrusion Detection System (WIDS) or Intrusion Prevention System (WIPS).  A WIDS/WIPS takes time to set up and burn in, but done right it can be a valuable asset to minimise the threat of Rogue APs.

WIDS and WIPS are easy to explain.  WIDS is a monitor, detect-only system: it will discover a problem and alert you to it.  WIPS will go a step further and, depending on how it is configured, begin either an automated or a manual action to contain the threat.

Most enterprise wireless security offerings these days provide a combined WIDS/WIPS solution.  These commercial solutions provide reporting and an audit trail that can be useful for management and, if required, legal purposes.

It is worth considering installing dedicated sensors in your network. Sensor Access Points are normal APs, but configured as ‘listen-only’ or ‘monitor-mode’.  This way they can spend 100% of their time scanning for threats (or mitigating them) and they do not interfere with the production wireless network.

Sensor APs provide a great service to the production WiFi system in two areas: they offload the task of scanning and they offload the task of containment/mitigation.  Relieving your primary, production wireless system of these tasks means it can be left alone to fulfil its primary purpose in life: service the user community.

One other useful advantage of sensor APs is that, if they are the same model as the production APs, they can be rapidly converted to production use should a production Access Point fail.

To finish up, which would you believe to be the most common Rogue AP threat to businesses out of:
a) Hackers
b) Internal staff
c) Contractors

The answer is, overwhelmingly, internal staff, who have no malicious intent and are probably trying to be more productive when they connect a personal AP to the internal network.

But when this happens, the company security policies go out the window and you are left with another entry/exit point to your internal network, one that no-one may be any the wiser about for potentially months at a time.
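The detect-only (WIDS) half of the story, as an added example that is not part of the original post or any vendor's product: it sorts what a monitor-mode sensor hears into authorised APs, rogues attached to the internal network, unknown APs advertising the corporate SSID, and harmless neighbours. The MAC addresses, SSIDs, switch port and the "radio MAC within ±1 of the wired MAC" correlation are all assumptions made for illustration.

```python
# Added example: detect-only (WIDS-style) triage of sensor observations.
# All MACs, SSIDs and switch ports below are constructed sample data.
AUTHORISED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}  # AP inventory
CORPORATE_SSIDS = {"CorpWiFi"}                                   # hypothetical SSID
WIRED_MACS = {"02:00:00:bb:10:0f": "sw1 port 12"}  # MACs seen on internal switches

# What a monitor-mode sensor AP heard: (bssid, ssid, channel)
OBSERVATIONS = [
    ("02:00:00:AA:00:01", "CorpWiFi", 36),    # production AP
    ("02:00:00:bb:10:10", "HomeRouter", 6),   # radio MAC = wired MAC + 1
    ("02:00:00:cc:77:01", "CorpWiFi", 11),    # unknown AP using our SSID
    ("02:00:00:dd:42:42", "CoffeeShop", 1),   # neighbouring network
]

def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def wired_port(bssid, wired_macs, window=1):
    """Assumed heuristic: an AP's radio MAC often sits within +/-window of
    the MAC on its Ethernet port, which ties a BSSID to a switch port."""
    target = mac_to_int(bssid)
    for mac, port in wired_macs.items():
        if abs(mac_to_int(mac) - target) <= window:
            return port
    return None

def classify(bssid, ssid):
    bssid = bssid.lower()
    if bssid in AUTHORISED_BSSIDS:
        return "authorised", None
    port = wired_port(bssid, WIRED_MACS)
    if port:                                  # unauthorised AND on our wire
        return "rogue-on-wire", port
    if ssid in CORPORATE_SSIDS:               # unauthorised, advertising our SSID
        return "unknown-ap-corporate-ssid", None
    return "neighbour", None                  # not ours, not on our network

def alerts(observations):
    """One alert per observation needing attention (WIDS: alert, do not act)."""
    out = []
    for bssid, ssid, channel in observations:
        verdict, port = classify(bssid, ssid)
        if verdict not in ("authorised", "neighbour"):
            out.append({"bssid": bssid.lower(), "ssid": ssid, "channel": channel,
                        "verdict": verdict, "switch_port": port})
    return out

if __name__ == "__main__":
    for alert in alerts(OBSERVATIONS):
        print(alert)
```

The `rogue-on-wire` verdict is the personal-AP case described above, and the switch port in the alert is what lets someone walk to the device.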

802.11ac – Is it worth the investment? Part 2 of 2.

A brief recap:  in Part 1, I talked about what 802.11ac can provide and left it asking whether we should invest in 11ac.

If you are in a greenfield (new) situation, I would recommend 802.11ac.  Even if you do not need the technology at this stage, newer devices will have support for it and will be able to take advantage of it if it is there.  The population of client devices in your organisation supporting 11ac will only increase.  This is a natural progression, as newer standards become the norm.

If at present there are only a few laptops that support 11ac, for a small percentage of the user base, a costly redesign and upgrade exercise may not make an adequate return on investment.

I touched on caveats in Part 1.  One of these is that in order to reach the highest speeds, your environment may require that you deploy larger numbers of Wireless Access Points than you have now.  The reason for this is that the particular speed increases that look so attractive require no obstructions (e.g. walls) between client and Access Point.  More Access Points may be required to service the same number of users as today.

Each business environment is unique, and by that I mean not the organisation as a whole but each location or operation within that business, which may have different technology in use and operate in a different environment: for example, a warehouse vs an office vs on board a train or a ship.  Should a particular environment not lend itself to the performance enhancements that 11ac offers, then it may be a difficult sell to push for an upgrade.

One option is to wait for Wave 2 before making any significant investment.  Wave 2 promises something Wi-Fi has not yet been able to do: deliver data to more than one client simultaneously.  It may seem that it does that already, with a group of you sharing the Wi-Fi in your office.  But what the wireless service is actually doing is slicing up the airtime at a very fast rate (in microseconds) and sharing it between you, so that it appears as if you are downloading at the same time.  With 11ac Wave 2, you actually will be.