Posts Tagged ‘networking’

By Jeff Orloff

It was the day before the state’s standardized testing day, and I received a call from the assistant principal. At the school district where I was working, standardized testing is done mostly online, so it was certainly bad news when the assistant principal told me that half of the computers in the facility were not working. The school, located in a juvenile detention facility, had about 60 students using computers in eight different rooms with three servers: a domain controller, an application server, and a media server for online courses that the students could take.

When I arrived at the school, one of the teachers showed me the strange problem. The teachers could not access any of the practice tests, retrieve documents, or access data from other network-based applications. They could, however, get online and students could access their online courses — but the videos that delivered lectures were lagging.

Rogue Device to Blame

The computers were obviously attached to a network, since they were able to access the Internet. But running the simple IPCONFIG test on the computers showed a Class C network address as opposed to the Class A block that was given out to all computers on the district network. Immediately, I thought that somehow our computers were connecting to the detention facility’s network. Checking one of their computers, I noticed that they, too, were using Class A IP addresses. Now I was starting to worry.

Clearly, something was on the network that was acting as a DHCP server. It would have been easy to ask the teachers if they had brought in a device that they shouldn’t have, but by this time everyone was gone for the day with the exception of myself, the administrator, and the one teacher who was helping me out. Using a laptop with RogueChecker installed on it, I was able to connect to the network and immediately find a server that was pushing out addresses to roughly half the campus. Now I just needed to find it.
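The check described above can also be done by inspecting DHCP replies directly. The following is an added example, not part of the original post and not RogueChecker's code: it parses a DHCP OFFER/ACK, reads the server identifier (option 54), and flags replies from servers outside an allowlist or leases outside the expected subnet. The addresses, the allowlist and the `build_offer` helper are constructed assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options
OFFER, ACK = 2, 5                     # option 53 message types sent by servers
AUTHORIZED = {ipaddress.IPv4Address("10.0.0.5")}    # constructed allowlist
EXPECTED_NET = ipaddress.IPv4Network("10.0.0.0/8")  # constructed district block

def parse_dhcp_reply(payload: bytes) -> dict:
    """Extract offered address, message type and server ID from a DHCP reply."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if payload[0] != 2:                       # op 2 = BOOTREPLY (server to client)
        raise ValueError("not a server reply")
    info = {"yiaddr": ipaddress.IPv4Address(payload[16:20])}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:               # DHCP message type
            info["type"] = data[0]
        elif code == 54 and length == 4:             # server identifier
            info["server_id"] = ipaddress.IPv4Address(data)
        i += 2 + length
    return info

def audit_reply(payload, authorized=AUTHORIZED, expected_net=EXPECTED_NET):
    """Return findings for an OFFER/ACK from an unknown server or wrong subnet."""
    info = parse_dhcp_reply(payload)
    findings = []
    if info.get("type") not in (OFFER, ACK):
        return findings
    if info.get("server_id") not in authorized:
        findings.append(f"unauthorized DHCP server {info.get('server_id')}")
    if info["yiaddr"] not in expected_net:
        findings.append(f"offered {info['yiaddr']} is outside {expected_net}")
    return findings

def build_offer(server: str, offered: str) -> bytes:
    """Build a minimal DHCPOFFER (constructed test input, not a capture)."""
    srv, yi = (ipaddress.IPv4Address(a).packed for a in (server, offered))
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0)
    hdr += bytes(4) + yi + srv + bytes(4) + bytes(16 + 64 + 128)
    return hdr + MAGIC_COOKIE + bytes([53, 1, OFFER, 54, 4]) + srv + b"\xff"
```

Feeding `audit_reply` the UDP payload of each reply seen on port 68 gives one finding list per reply; an empty list means the reply came from an allowlisted server with an in-range lease.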

[Image: RogueChecker in action]

Using NetStumbler, I was able to look at the IP address of the server with the different wireless access points in the building. Sure enough, the server IP address of the rogue device shown in RogueChecker matched up with one found in NetStumbler. Using the signal strength indicator, we could now narrow down our search to one wing of the building.

Identifying Rogue Devices

Sure enough, one of the classrooms had an off-the-shelf brand wireless router plugged into the network jack, and it was promptly removed. Once all the computers were restarted, we were able to restore access to network folders, data and, most importantly, the application that would run the assessment for the students the next day.

For a school this size, the process of finding the exact location of the rogue device was not that difficult a task. At a large secondary school or university, the search would be more problematic and would take the efforts of many more people. In fact, one of the best methods I have seen to handle this task involves crowdsourcing.

The methodology is similar to this case. First, the rogue device needs to be verified, and then the location narrowed down using technology, generally with more than one person searching for the device’s signal. Once you can eliminate a majority of the campus, enlist as many willing participants as you can find to help search for the device. Assign each a geographic location that they are responsible for, and make sure the assignments overlap as much as possible so that nothing is left unturned.

We recently talked to Glenn Evans, InteropNet’s lead engineer. InteropNet is the open WiFi network that provides connectivity to all Interop attendees and exhibitors and is one of the world’s largest temporary networks. That’s no surprise, considering Interop is one of the IT industry’s biggest conferences and expos, boasting more than 13,000 attendees. We asked Evans for his security advice for attendees of the upcoming show, which is taking place in Las Vegas from May 8 to 12.

He told us that InteropNet provides both open and WPA2 wireless networks for use by attendees and exhibitors.
“InteropNet protects its Core Systems and Services with various firewall and IDS/IPS Systems,” Evans said. “But, general data traffic is open.”

With unencrypted traffic flowing on the networks, attendees run the risk of having data intercepted by third parties. To protect against this, Evans recommends that attendees who are planning to connect to their corporate networks or access any important information be sure they’re using a VPN.

“I’d make this recommendation to anyone attending any trade show,” Evans added.
Good advice. Readers, do you use VPNs at trade shows?

Stay tuned next week for more on Interop, including more on our chat with Evans.
Follow this conversation on Twitter @VPNHaus.

Enterprise Networking Planet, IPv6 Day is Coming (But Not Until June)
Gartner Blog, Security Search Shenanigans – Where is NAC on the Hype Cycle?
Insecure About Security, Nearly Half of Large Mid-Market and Enterprise Organizations Will Increase Networking Spending in 2011
InfoWorld, Security Admins: Prepare for Tomorrow’s Tech Trend Today

The Wall Street Journal has reported on security issues hindering the adoption of tablets, like the iPad, at some colleges. Students are expected to be a major market for tablets, given the availability of electronic books and growth of wireless networks. But the piece casts doubt on the feasibility of this, with security issues among several factors leaving the college market in question.

While several colleges are openly embracing the iPad, network administrators are having fits over how to protect their campus systems under such strains. Sheer volume of wireless demand aside, students present complex issues, ranging from rampant malware spread to jumping between on- and off-campus hotspots to outright network abuse.

Why the logjam? It appears the ‘latest and greatest’ wireless devices are truly next generation technology, so much so that college network technologies are being left in the dust. And rethinking wireless remote access is aging network administrators at a rapid clip.

Case in point: George Washington University has said its wireless network security features don’t support the iPad. Princeton University said earlier this week that it has blocked about 20% of the devices on its network after detecting malfunctions, with potential to impact the entire school’s systems, according to the WSJ. Cornell University has also encountered networking and connectivity snafus related to the iPad.

Despite these issues, the tablet’s appeal for colleges is evident and will likely grow. Many of the schools mentioned in the WSJ article are working to mitigate these networking problems, and solutions are expected to emerge. Even so, wrestling with network integration of hot new wireless technologies will continue to frustrate colleges as tablets become mainstream and as students demand better network access for these products.

What do you think? Should colleges restrict tablet usage because of networking problems? What can manufacturers such as Apple do to help these institutions adopt more quickly?

Let us know your thoughts.