Keep your mitts off my MiFi – why rogue policies matter | NETSCOUT

Keep your mitts off my MiFi – why rogue policies matter

Recently, the FCC announced that it had fined Marriott $600.000 for “intentionally interfering with and disabling Wi-Fi networks” at the Gaylord Opryland Hotel in Nashville, Tennessee. The FCC’s ruling stems from a guest’s complaint in March 2013 that his mobile hotspot could not maintain a connection in the convention center’s ballroom. Specifically:

“The complainant alleged that the Gaylord Opryland was jamming mobile hotspots so that you can’t use them in the convention space.” Marriott has admitted that one or more of its employees used containment features of a Wi-Fi monitoring system at the Gaylord Opryland to prevent consumers from connecting to the Internet via their own personal Wi-Fi networks. The Bureau investigated this matter to assess Marriott’s compliance with Section 333 of the Act.”

“In the course of its investigation, the Bureau discovered that one or more Marriott employees had used the containment capability discussed in paragraph 5 in a manner that the Bureau believes violates Section 333. Specifically, such employees had used this capability to prevent users from connecting to the Internet via their own personal Wi- Fi networks when these users did not pose a threat to the security of the Gaylord Opryland network or its guests.”

In reaching its decision, the FCC further observed:

“The growing use of technologies that unlawfully block consumers from creating their own Wi-Fi networks via their personal hotspot devices unjustifiably prevents consumers from enjoying services they have paid for and stymies the convenience and innovation associated with Wi-Fi Internet access.”

Good news or bad?
This ruling is reassuring for consumers (such as myself) who routinely travel with a mobile hotspot – whether smartphone or “MiFi.” There are many sound reasons to use a mobile hotspot, including cost, security, performance, and predictability. When faced with an unknown, unsecured public hotspot, I’d much rather “bring my own” by piggy-backing onto my smartphone’s mobile broadband.

But this ruling also raises real concern among enterprise WLAN professionals who make use of rogue detection and prevention capabilities to safeguard their company’s airspace. While I'm no lawyer, my read of this FCC decision is that there's no reason to panic -- provided that your organization uses well-designed, accurate, tightly-focused rogue detection and prevention tools and policies.

For starters, note the phrase “in a manner that…violates Section 333” – this refers to jamming, a sledge-hammer, take-no-prisoners approach to wireless containment. Although the ruling also states that the wireless containment method used by Marriott was deauthenticate frames, this phrasing suggests that containment was used far too broadly, interfering with all personal hotspot use.

More importantly, note the phrase “when these users did not pose a threat to the security of the [hotel] network or its guests.” This implies that Marriott’s actions would have passed muster with the FCC if their goal was indeed threat prevention. It seems the FCC agrees that WLAN operators have a right to defend their own networks (or users) from attack; what operators cannot do is arbitrarily prevent consumers from using FCC- approved devices to create their own WLANs.

These phrases lead me to believe that well-designed, accurate, tightly-focused tools and policies are the way to avoid running afoul of this FCC ruling.

Minding your manners
Having used a variety of AP-embedded rogue containment and WIPS-based rogue management capabilities, I know there are real differences in the accuracy of rogue classification – and the level of granularity that can be achieved through policy. Rogue detection based on a coarse “you’re either with us or against us” classification raises many time-wasting false alarms. If set to wirelessly block all suspected rogues, that scheme will also make your near neighbors and visitors rather unhappy.

More sophisticated rogue management tools – including NETSCOUT AirMagnet Enterprise -- can apply automated tracing and other meaningful criteria to quickly and reliably differentiate between unknown APs and “true rogues.” For example, is the unknown AP physically connected to a switch port inside your network? Is the unknown AP located in a restricted area of your facility, off-limits to consumers? What kind of device is the unknown AP; is it passing attack traffic? Situational awareness and the ability to accurately answer these questions can whittle away those false positives, helping you focus on high-risk rogues.

Ultimately, this FCC ruling is about rogue containment, not detection. A tool that offers a binary choice – ignore or deauthenticate – leaves no room for containment mistakes. A WIPS such as AirMagnet Enterprise offers greater flexibility, supporting policy-driven actions that range from log, email, text, and page to forensic traffic capture, wired switch port blocking, and wireless blocking. Such policies enable escalation and threat-based response, letting you use wireless containment very selectively, when truly warranted.

Finally, the FCC’s settlement requires Marriott to document its compliance by reporting the details of all future wireless containment actions. Not only does this imply that containment can still be used when warranted; it highlights the importance of logging, reporting, and auditing. Rogue containment is not a “set it and forget it” practice. To be safe, WLAN operators must monitor and fine-tune their own rogue policies to ensure proper operation.


Related WLAN Resources

Powered By OneLink