This article can also be found in the Premium Editorial Download "Network Evolution: Wireless LANs and Multimedia: Matching wired network performance and quality."
Download it now to read this article plus other related content.
In an environment with both computers and smartphones, how will Wi-Fi systems cope with ad
hoc network creation?
In a recent Wi-Fi trial I was running, there was ad hoc network creation from smartphones, in particular, early iPhones). How can we overcome this problem?
Business wireless LANs are facing increased RF competition from consumer electronic devices that form their own little Wi-Fi networks. Two very common examples include printers that support peer-to-peer print job submission by Wi-Fi clients and smartphones that support "personal wi-fi hotspot" 3G/4G Internet connection sharing.
Historically, printers have advertised 802.11 ad hoc mode SSIDs; these are now being gradually
replaced by Wi-Fi Direct. True ad hoc mode SSIDs are trivial for a Wireless IPS or WLAN with
built-in rogue AP scanning to detect and correctly classify. Even manual scanning tools like
NetStumbler can easily spot ad hoc mode SSIDs. Dealing with ad hoc network creation instances
1) Avoiding co-channel interference by letting your WLAN auto-change channels
2) Preventing legitimate users from connecting to unauthorized ad hocs by configuring client connection policies and/or instructing your WIPS to block ad hoc connections
Unfortunately, smartphones that advertise personal wi-fi hotspot SSIDs can be more difficult to reliably classify and deal with. Some personal hotspots are easily recognized by manufacturer or carrier-supplied SSIDs (e.g., "Lisa's iPhone"). But a blacklist based on SSID is easily evaded by reconfiguring personal wi-fi hotspot name. Some personal hotspots can also be recognized by MAC address (specifically, the manufacturer's OUI). However, OUI blacklists are also far from foolproof and onerous to maintain. As a result, we end up with an apparent explosion of transient rogue APs that move around.
So how does this complicate mitigation or avoidance? First, letting your WLAN auto-change channels to avoid channels used by these migratory little rogues could be disruptive. To minimize this, if your legitimate Wi-Fi client base supports 5GHz, consider maximizing 5 GHz use, since many smartphone rogues are (at least currently) 2.4 GHz-only. Better yet, use a signal strength or other threshold to tune your WLAN's RF management to avoid over-reacting to weak, short-lived smartphone rogues.
Second, letting your WIPS block connections to these smartphone rogues could hurt visitors,
neighboring businesses or legitimate users if device classification is weak. Address this by
learning how your WLAN and/or WIPS classifies personal hotspots. For example, do smartphone rogues
trigger Soft AP or Host AP, or potential Honeypot AP alerts? Can your WIPS use connectivity traces
or device fingerprinting to classify personal hotspots as external APs? Can you augment
classification by configuring basic SSID or OUI blacklists? Once you understand how smartphone
rogues are classified, you can make an informed decision about whether and where to enable WIPS
Unfortunately, I don't have a silver bullet recommendation to solve this. Smartphone hotspots are escalating and clogging our airspace; many are devices that lie beyond IT control. But recognizing where they exist and assessing their impact on your WLAN are critical first steps to responding appropriately to this unwelcome competition.
Lisa Phifer owns Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of networking, security, and management products for over 20 years. At Core Competence, she has advised companies large and small regarding security needs, product assessment, and use of emerging technologies and best practices. Before joining Core Competence, Phifer was a Member of Technical Staff at Bell Communications Research, where she won a president's award for her work on ATM Network Management. Phifer teaches about wireless LANs, mobile security, and VPNs at many industry conferences and webinars. She has written extensively about network infrastructure and security technologies for numerous publications, including Wi-Fi Planet, ISP-Planet, Business Communications Review, Information Security, and SearchSecurity. Phifer's monthly WLAN Advisor column is published by searchMobileComputing.
This was first published in September 2011