An increasing new threat to 802.11 wlan security in school networks these days are the mobile hotspots students carry around with them that are built into their phones.
Newer Android based phones (i.e. Droid X) have an application that functions as a mobile 2.4GHz WiFi hotspot allowing up to 5 users to connect to it and access the internet via the 3G cellular connection. There are also dedicated wifi hotspot devices like the Sprint MiFi which does the same thing.
The scenario that is playing out in schools everywhere is that the students are setting these “Rogue Hotspots” up and allowing their friends to connect to them. This is a way for them to circumvent the web content filters and other network security the schools have put in place to control internet sites the students can access on the schools wired and wireless networks.
We are increasingly being asked what can be done to prevent this. Here is what we advise;
- Put a wireless intrusion detection and prevention system in place. Without wireless IDS/IPS capabilities the only way to discover these Rogue AP Hotspots is to walk around all day with a WiFi analyzer probing for them.
- Then set your Intrusion Detection & Protection Module to trigger on the following conditions;
- Rogue AP signal quality better than -80dBm (this may need to be adjusted based on your environment)
- More than two AP’s hear the possible “Rogue Hotspot” – this increases the likelihood that the unit is within your building(s).
- Time alive for the Wifi Hotspot is greater than 5 minutes
- Clients connected to it is equal to or greater than 1
- Create an alert based on these triggers to email or text you this discovery.
- Go out and use your Ray Gun to disintegrate the Rogue – the device not the kid!
A policy defining these devices and promising confiscation should be significant in deterring them but there will always be the envelope pushers who want to test your capabilities. Be ready for them!!
Feel free to contact us with any questions or download our free wireless design guide