Apply The Brakes On The WIPS debate?


In the last month, since the FCC’s fine of the Nashville Marriott, many discussions have circulated rising question of who might be fined next.

The great debate over the FCC fine hinges on one important element – unlicensed radio frequency airspace, within the United States, is owned by the FCC. In the case of unlicensed spectrum, such as 2.4GHz and 5GHz Wi-Fi bands, the FCC permits end-users to operate networks in accordance with their rules. What remains a hard fact is that the FCC does not grant exclusive rights or ownership of unlicensed spectrum regardless of installation within public or private property.

It is of equal importance to understand that both infrastructure vendors who build Access Points and device manufacturers all certify in accordance with FCC rules – where each radiating system (combination of radio + antenna type/gain) is tested and assigned allowed maximum power for applied bands and channels.

When approved, and certified for use, end-users are permitted to operate their Wi-Fi network using selected infrastructure and devices – however the FCC remains in jurisdiction at all times. They can enforce their rules and penalties against parties operating outside granted parameters at their discretion.

As we look into the issue at the Marriott hotel we must remain mindful that the airspace inside of the Marriott conference center is not privately owned. While the hotel chain was not actually jamming the RF they were, instead, utilizing a fairly simple technique that many wireless infrastructure products support: de-authentication packets (aka, deauth).

For most Wi-Fi systems, the ability to deauth a client from the network is typically combined as a countermeasure feature within a Wireless IPS solution set. The deauth simply sends the client a packet that based on Wi-Fi alliance standards forces the client to leave a network and try again. The use of deauth packets is by no means jamming the RF – it is instead a nuisance and annoyance, and when used in repetition would result in extremely frustrated end-users as their device continually drops off the network. Imagine having your laptop tethered to your smartphone hotspot and it continually drops.

This is exactly what Marriott was doing to patrons in their facility. Clearly they were taking advantage of having a captive audience and forcing payment for use of their Wi-Fi system. This, when you break it down, is what the FCC fined them for.

While I can only offer an opinion on the FCC’s decision to fine Marriott, I think a more important point remains open: can WLANs still utilize Wireless IPS solutions?

My answer: Absolutely. And, don’t be scared about leaving yours on. When properly configured, WIPS solutions inclusive of deauth packets can be very effective.

Here are my tips and best practices:

1. Be a good corporate citizen and respect the FCC’s rules

2. Utilize Wireless IPS solutions to protect your network and defend against attacks such as:

* Rogues: Unauthorized APs that are physically connected to your wired network

* SSID Spoofing: Unauthorized APs not physically connected to your LAN but are broadcasting your corporate SSID (often used for Man In The Middle attacks)

* Both of these cases are malicious, and the attacker is trying to obtain access to corporate data, corporate client devices or both

3. Utilize containment and countermeasures provided by your vendor to defend against attacks directed at your organization

4. Understand the concept of Neighboring networks and leave them alone

* If Neighboring networks are other inhabitants of your building, houses on your street, within a college dorm, ect. – try to work with them to optimize channel selection, and reduce co-channel interference

5. Utilize integrated location capabilities (if available) to help track down neighboring networks if they are found to be a significant source of interference

6. Never use containment or countermeasure features against neighboring networks –  This is what Marriott was doing, and it turned out to be costly

7. Test your WIPS implementation often

* Make sure your countermeasures and protection is working to keep your network protected

* Make sure you are not affecting neighboring networks

8. Continue to understand the nature of unlicensed spectrum and keep rule #1 rule top of mind

I firmly believe that every Wi-Fi network within the United States can continue utilizing Wireless IPS solutions, inclusive of countermeasures, but proper configuration and validation is mandatory.

As we move forward into the future, especially with our eyes focused towards the explosive growth of IoT devices, we cannot afford to let our guards down and discontinue use of WIPS. In fact, WIPS solutions are going to become more and more important as we move forward. Don’t apply the brake now!

For more insight check out the next episode of On The Fly Wi-Fi, November 14th at Noon/EST, where we’ll be chatting with @DevinAkin on Securing the IoT.

Please leave a comment or connect with us on twitter: @OnTheFlyWiFi or @MikeLeibovitz

Leave a Reply