One reason why rogue wireless access points are a bigger risk at universities

December 3, 2016

One of my opinions on rogue wireless access points is that they're a bigger risk at universities than they probably generally are at companies. Even if they were set up at exactly the same rate and in the same relative places in your network at a company and at a university, the university has it worse.

The problem for universities in specific is that so much of our building space is in practice open to the public. Sure, theoretically maybe it's only supposed to be used by university students, staff, professors, and officially approved visitors, but in practice there are no badge checks or other bureaucracy at building entrances. You can stroll right in and walk around in the corridors of almost any building, and those open corridors will generally get you fairly close to almost all space in our buildings.

(Specific office space, lab space, and so on is often closed off with locks and other access restrictions that you can't get past. But buildings themselves are rarely locked up during working hours.)

This makes a random WAP with a short range much more accessible to an outsider, especially a casually equipped one. You can basically go 'war-walking' around our buildings to see what turns up on your wireless device, and if you find anything interesting you can lean up against the wall while you poke at your phone, laptop, or whatever and no one is going to look at you twice.

(It's completely routine for me to find a group of people all sitting on the floor in a corridor, clustered around a laptop and some electronics. I believe they're Engineering undergrads working on projects but I don't exactly know for sure, and no one's likely to challenge yet another group that looks like that.)

My impression is that companies generally try for much more control of physical access to their space than this. Entrance to buildings and large areas inside buildings is actively controlled, with security and badges and so on, and as a result you can't easily just stroll in off the street and wander around. The practical effect is that a rogue WAP in a room somewhere inside the building is much less accessible to outsiders because they can't easily get close enough to it to use it (or even to know that it's there).

(It's probably not completely inaccessible to an attacker with an enhanced antenna and other gadgets. But at least the attacker has to work harder and get somewhat luckier, and you're at the point that they've decided to actively target you with what that implies.)

PS: The same physical access issues apply to any wired network drops that are in open areas or areas that are merely left accessible and unattended on a routine basis (such as meeting rooms, although those are often locked when not in use for various reasons). But generally the risks here are relatively clear to the people putting in the drops and connecting them up to whatever network they're connected to.

Written on 03 December 2016.
« IPv6, point to point links, and subnet lengths
Terminals are not enough (personal edition) »

Page tools: View Source.
Search:
Login: Password:

Last modified: Sat Dec 3 00:10:45 2016
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.