Computerworld - I faced two issues this week, and both came about as a result of security policies that have been routinely ignored. The first had to do with our wireless LAN infrastructure.
Although I work out of the main data center, I frequently travel to the corporate headquarters campus. On those occasions, I often use my iPaq Pocket PC and AirMagnet Inc.'s software to scan for rogue access points on the WLAN. The installation of unauthorized APs has been a continuing problem, so when I detected one the other day, I wasn't surprised.
This AP registered a signal strength of about 70% -- strong enough to lead me to believe that it wasn't transmitting from outside of my company's offices. Indeed, I was able to associate to the AP, open a browser window and get to the corporate intranet. The device had no encryption enabled, it was broadcasting the Service Set Identifier code, and the AP gave my device an IP address that wasn't within our corporate address range.
I called the network engineering group and gave it my device's media access control address and location, thinking that they could log into the switch that was serving the location, look up my MAC address, identify the port and trace it to a specific wall jack. In the past, I've successfully identified rogue APs in this manner.
However, in this instance, the group wasn't able to find my MAC address. I even had the network engineer check some nearby switches, but no luck. Then I tried using AirMagnet's Find utility, which works as a signal-strength meter to help locate the AP. I've gotten close in the past using this method, but it still requires that I peek into employee offices, conference rooms, break areas and so on, to visually locate the AP. In the process, employees have gotten upset with me and started complaining.
This time, however, it worked like a charm. I could see the AP sitting right on top of an employee's monitor.
The device was a WLAN router, which explains why my MAC address didn't show up on the switch port. Because this AP functioned as a router, not a hub, the MAC address wouldn't have registered on the switch. The employee wasn't in, so I had the facilities department open his office. I then unplugged the AP and left a note indicating why I had disconnected it.
Later, the employee said he had installed the AP because his boss "said it would be OK." Neither of them had
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
