|Read about Lisa|
If your company hasn't yet taken the 802.11 plunge, that doesn't mean that your office is Wi-Fi-free. Unless you're far from other businesses, 802.11 APs owned by neighboring companies may transmit signals that reach your location. Employees may have deployed 802.11 on their own, using inexpensive APs or peer-to-peer connections between laptops. Vendors, contractors, customers and other visitors may carry 802.11-enabled devices into your office without even realizing it. In fact, odds are actually pretty darn good that 802.11 has found its way into your office.
How can you tell? Try using a basic WLAN discovery tool, commonly referred to as a "Stumbler." Such tools are both freely available and easy to use. All you need is a laptop with an 802.11 network adapter and a discovery tool that supports your OS and adapter. Here's a short list of freely available "Stumblers" to help you get started:
- Dstumbler (BSD)
- MacStumbler (MacOS X)
- NetStumbler (Windows)
- MiniStumbler (Pocket PC)
- WaveStumbler (Linux)
These tools will identify 802.11 infrastructure APs or ad hoc peers transmitting in your vicinity. It's possible to "stumble" on a desktop, but you'll probably want to use a laptop to wander your office, since results vary depending upon distance from the transmitter. When you find an AP or peer, track it down by walking in the direction of increasing signal strength. Don't forget to look upstairs and downstairs in a multi-floor building. You'll also want to repeatedly spot-check over time -- if that gets too labor-intensive in a large facility, consider using a wireless IDS instead.
If you discover 802.11 WLANs that don't belong to you operating nearby, there's little you can do except be aware they exist and warn employees not to connect to them. If you find unauthorized APs or adapters installed in your facility or on company laptops, you can take steps to eliminate them or make sure they're being used securely. Either way, forewarned is forearmed, so stop, look, listen and discover what's out there.
About the author: Lisa Phifer is vice president of Core Competence, Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.
Do you have comments about this article, or suggestions for Lisa to write about in future columns? Let us know!