One of my current job duties involves detecting, locating, and confiscating rogue wireless access points here at work.
From a security standpoint, wireless devices are a nightmare. On multiple occasions, (probably) well-meaning employees have brought wireless routers from home and connected to our network here at work. Sometimes people do this to add wireless network access to an area that does not currently have it. We’ve had people bring wireless routers to work before that didn’t even know they were wireless routers (the antenna on top should have been a clue). One guy who “just needed a few extra network ports) suddenly disrupted operations by plugging in a wireless router with DHCP enabled.
There are two ways to prevent this. The first is education. We tell people what they are and are not allowed to bring to work and connect to our network. (Essentially the rule is, if the hardware wasn’t issued by us, it shouldn’t be on the network.) As you can probably guess, many people believe that rules only apply to everybody else. The second way to prevent unauthorized network connectivity is through technical reasons. Unfortunately due to the size of our campus and the number of different organizations co-located here, a complete list of every authorized network device is essentially impossible to maintain.
With prevention essentially ruled out, that’s where I come in. One of my job tasks involves driving around our campus on a regular basis, searching for wireless devices. Yes. I get paid to wardrive. While it sounds very exciting, it’s actually one of the most boring things in the world to watch. Typically our wardriving outings take two hours. The first hour is spend messing with the laptop, trying to get our wireless card, an external antenna, our software and our hardware to all cooperate. The second hour is spent driving around a small campus in one of our cars, doing 20mph.
We also respond to complaints about rogue wireless devices. We recieved one such call yesterday. A user complained that his laptop was repeatedly trying to connect to a non-authorized wireless access point. That’s when we mobilze. It’s like wardriving, except we walk. Warwalking, I suppose.
Yesterday, three of us set off on foot to find this supposed unauthorized wireless access point. I carried the laptop while my co-worker carried the large, wired antenna. The third guy was taller than me (I’m 6’0”) and was wearing a purple shirt and a purple tie. To say that the three of us looked conspicuous is an understatement. When we got to the building in question, we found that the door was locked and we needed to knock to enter. Yeah. We pretty much blew any element of surprise, and I made several jokes about looking like Ghostbusters again.
By the time we actually entered the building, word that “security” had arrived spread like wildfire. On our laptop we immediately detected one wireless access point. Using our directional antenna we began walking toward it until … BLIP. It disappeared. Someone had powered it off. We saw a second one and moments later … BLIP. It died, too.
The three of us couldn’t have been any more conspicuous unless we had been leading a parade. With no chance of discovering anything, we bravely turned our tails and fled. We definiately need a different plan of attack next time. My iPhone does a pretty good job of detecting wiireless access points (WiFiFoFum works great). Maybe I can rig up something a little less obvious using a backpack or something.
You guys are way too forgiving. Unauthorized wireless access points around my workplace are a sure way have the gendarmes knocking on your office door.
“Gendarmes” – literally, “men with guns”.
Maybe you could try workin with a guy on the inside, aka the person who reported it in the first place.
there has to be an easier way. There must be a way to take a snapshot of all the mac address on the network and trigger an alarm when a new mac is seen on the net. eventually you would capture all company equipment a when the alarm went off just go follow the cable from the reported router and port.
@Anonymous: Unfortunately it’s not that easy. We have ~5,000 employees in ~30 buildings. Additionally, we have “tenant” organizations whose equipment we do not manage. It’s a nightmare to police, to say the least.
Sounds like someone needs RADIUS, NAC, and maybe some Defcon-style WAP active countermeasures. Throw in managed wireless settings for good measure.
You don’t need all that crap. All you need is the wifi detector shirt:
http://www.thinkgeek.com/tshirts-apparel/interactive/991e/
Or, the wifi detector cap:
http://www.thinkgeek.com/tshirts-apparel/hats-ties/bd12/
They’ll NEVER notice you now!!!
What Zeno said. If anyone tried that trick at my place of work, security would come down hard on the whole place until they found the wireless. They would search every office, every shelf, every drawer. If you complain about it they will remind you that, as a condition of getting the job. you signed a document relinquishing whatever rights of privacy you expected in this situation.