A two-step plan for securing WLANs

Why paying attention to encryption is key to secure WLANs

Luke Mason is a hands-on IT Manager working in the music industry in the UK. Each month, Mason will share a problem he has experienced and the solution he developed.

As if the usual things that can and do go wrong in IT aren’t enough to drive us crazy, we IT managers have to deal with the occasional anomalies, those annoying little problems that at first appear to have no cause and, therefore, no solution. These are the times when you have to step up and become IT’s version of Sherlock Holmes.

I recently encountered an interesting problem on the job. When Mark, an employee, phoned me and said, “Can you come and have a look at my computer? It's gone all funny,” I was pretty certain that I was going to have to free up at least half an hour of my afternoon. Mark is one of those users who are a blessing to the lazy among us and a nightmare to the diligent. He will ignore any error message that comes his way, no matter how serious he thinks it sounds. He realized that restarting his PC was a good way of sorting out some errors. When NT presents him with a dialog stating that “a domain controller for this domain could not be contacted,” he clicks OK and tries to continue. When Outlook starts whining about address books, he again homes in on the OK button and only starts to worry when he meets some nonsense about POP3 servers, “whatever they are.”

The background
Mark’s PC is running on our semiexperimental wireless network along with three other people's on the same floor. Pinging anything other than localhost proved that there was no connection to the network, and both servers were humming and clicking merrily away with no sign of any problems. Everyone else on the wireless net was still connected, so it had to be Mark’s computer. He still had a green signal light on the network card, so something was getting through, but I didn’t know how much.

The configuration utility that comes with the Netgear MA301 cards that we use helpfully installs itself in the startup folder of all users of the machine, and even comes complete with two handy little meters showing signal quality and link strength. Rather unhelpfully, the utility refuses to run unless you have administrator rights, so it has to be removed from the startup profile again shortly after installation. Logging on as an administrator, I could see that the signal strength was at 6%—not very good when the access point is only a few feet away and 802.11b is supposed to provide full 11Mbps at a distance of 30.5 metres (100 feet)!

What went wrong
Wireless cards work, in the same way as mobile phones, on a line-of-sight principle. Anything solid that gets in the way of them absorbs some or all of the signal. That's why mobile phones often work better if you stand next to a window; glass doesn’t absorb so much of the radiation as a concrete or brick wall. A desk had recently been moved into the line between the access point in my office and Mark’s PC, and I hadn’t expected a few sheets of pine to interfere with the signal, but this was the only possible cause of the dropped connection. This problem only manifested itself a few days afterwards, and why the signal didn’t drop as soon as the desk was moved, I couldn’t fathom. I didn't have a spare card around to swap into Mark’s PC, so the only thing I could try was to move the access point.

The solution
With the wireless network’s newfound sensitivity to carelessly placed inanimate objects, I had to be careful not to block someone else out of the signal. In true “hit it and hope” fashion, I wiggled the antennae on the access point and moved it as far as its patch lead would allow: the 6 percent meter didn’t change. The only solution I could think of was to run a longer CAT 5 cable to the other side of the room and place the access point on top of my cabinet. With this done, Mark’s signal strength shot up to 97 percent, and his PC could once again join in the fun on our domain.

Why did this happen? I’m not sure. I’ve walked a laptop with a wireless card down two flights of stairs to the second floor, and I still had a signal higher than 6 percent. Two users sit on the other side of a wall to the access point and receive signals in the high 90s. I can’t really believe that a wooden desk could block that strong a signal; after all, that would make wireless networks in general a little ineffective, wouldn’t it? One guess is that the wireless card has a fault on it. Possibly it affected signal strength, and moving the access point fixed it, or maybe it was simply an intermittent problem that corrected itself. Maybe the desk or something in it had strange properties in blocking microwave radiation. Perhaps Mark’s mobile phone interfered with the signal, equivalent to your car stereo's announcing an incoming call by barking and groaning at you through its speakers.

The point is that when you’re dealing with wireless networks, you can’t ever really be sure. At least with CAT 5 you can safely assume that the cabling within your building is sound. Swapping a patch cable is simple and, unlike wireless cards, patch cables don’t cost $100, so you can afford to keep spares. Once the integrity of the physical link is established, you can start the process of examining the software configuration of the PC, but with a wireless network you’re feeling your way in the dark. I don’t mind keeping track of a few cards, but I wouldn’t like to go anywhere near an office with more than 10. If Mark’s card experiences any more problems, or I figure out the solution, you’ll be the first to know.

This month’s IT head-slapper
On the subject of network devices and wireless networks, how safe are your power sockets? A strange question, I know, but bear with me. We recently hired a new cleaning firm at my company, and one of the new recruits apparently took silent and stealthy pleasure in unplugging our Cisco router so that they could plug in a vacuum cleaner—leaving our mail server, the online backup, and anyone trying to connect wondering what had happened. Never mind that the router was mounted on the wall, below what I thought was a pretty terrifying patch panel stuffed with blinking lights and sprouting yellow and blue patch cables. Never mind that the voicemail system was purring and ticking away next to it in what even I consider to be an unnecessarily intimidating fashion. The fact that the plug was in the wall in the normal way was permission enough for the cleaner to disconnect it. And it just served to show me that there are a lot of little hazard areas that I’m unlikely to think about until danger strikes.

There’s really no foolproof solution for this problem. I doubt many people can afford to UPS their routers and switches, and if your patch panel doesn’t have power built in, you’re left with little alternative but to use the power sockets on the wall. The best bet? Place a clear sign on the wall. Now go and write "Do Not Unplug" on all of your network equipment, before it happens to you.

Can you relate?
Have you found yourself troubleshooting an IT problem with the finesse of a detective? Send us some mail or post a comment to this article.