This is the last post in a 3 part series about dumb mistakes network administrators make when configuring wireless networks. In previous sections, I talked about avoiding excessive SSIDs and about the importance of broadcasting the SSID.
1. Time slicing wireless intrusion detection: There are two main ways to conduct wireless intrusion detection - one is through a dedicated sensor and the other is through time slicing. Access points that use time slicing take a sliver of time when not servicing stations (laptops, etc.) and scan off channel to provide intrusion detection functionality. One major wireless manufacture defaults to scanning off channel for 50 milliseconds every 15 seconds. Upon first hearing this statistic, I thought it sounded like a reasonable interval. However, when I extrapolated this information, I realized that comes out to approximately 4.5 minutes of scanning every 24 hour period. That's right, less than 5 minutes of scanning per day!
What's the alternative, you ask? Instead of time slicing, you can use dedicated sensors. These sensors scan the network 24 hours a day, 7 days a week, 365 days a year. There are two types of dedicated sensors, embedded or overlay sensors.
Embedded sensors utilize an additional radio within the same AP/device. Embedded sensors report to the same WLAN controller and/or management platform that control the access point radios responsible for serving client access.
Overlay sensors on the other hand are separate devices, often from a different manufacturer than that of the Access Points. Overlay sensors usually report to their own separate server.
Personally, I prefer embedded sensors as they cut down on the number of cable runs, switch ports, installation time, etc. Using APs and sensors from the same manufacturer also has some advantages when it comes to a single point of support, lower maintenance costs, etc. However, the most important point here is to use dedicated sensors of any type instead of using a wireless intrusion detection system that leverages time slicing.
Well, that's it: excessive SSIDs, "hiding" the SSID, and time slicing wireless intrusion detection. What dumb mistakes do you see network administrators make when configuring a wireless LAN? Let me know by submitting a comment in the section below!