10-08-2010 05:50 AM
Since it isn't a rogue per se and it isn't a bridge or ad hoc, how will Aruba see it, classify it and handle it?
A school system is having issues with students setting up their phones as mobile hotspots and allowing other kids to attach to it and then getting around the web filters.
I want to make sure we can address this with a proposed Aruba implementation including WIP.
Sr. Network Engineer - SecurEdge Networks
ACMP / ACDX / AWMP
10-08-2010 11:15 AM
The controller will provide you with information on the number/name of APs that can 'hear' this device advertising, the relative signal strength, and ALSO the number of clients attached. The client list is also recorded to provide a list of MAC addresses of clients that are associated to this device. You can thus quickly find popular hotspots with a few mouse clicks.
Our Airwave application can take the correlation a step further (e.g. automating it further) by looking at the # of APs that can hear the mobile phone (more Aruba APs hearing the mobile phone hotspot typically means it's 'in between' the APs, and thus inside your building). The signal strength (higher means it's in your building) is also recorded and displayed, which can be used in rule-sets to automatically determine if the device is close enough to your own infrastructure (e.g. inside your building) to be of concern.
Airwave also allows an automated email alert to be generated immediately when hotspots pop up and meet the criteria above (let's say -65 dBm or stronger, AND a minimum of 3 APs 'hearing' the hotspot = send me an email). You can then have Airwave/Controller/Aruba APs take action on devices that meet the criteria that indicate to you that they are within your premises.
On another note, if your organization utilizes a fixed set of client equipment (e.g. laptops) you could classify all your assets as Valid Clients within the Aruba controller, all the SSIDs you advertise as VALID, and then invoke our WIP functionality to protect Valid stations from communicating with all but the authorized Valid WLAN (your infrastructure). Once student-owned devices (the norm today) are introduced, this functionality becomes unscalable though.
A Layer 8 approach may also be a good idea in such environments. The same policies that keep students from chatting/texting on mobile phones in class should be extended to data use as well. Violating the layer 8 policy = immediate confiscation (like the old days) should act as a deterrent as well as the strategies outlined above. ;)
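The alert rule from the reply above (-65 dBm or stronger, and at least 3 APs hearing the hotspot), written out as an added Python example; it is not AirWave's or the poster's code. The record layout, the `valid_bssids` allow-list of your own AP radios, and the reading that only the strongest AP has to reach -65 dBm are assumptions.

```python
from collections import defaultdict

MIN_RSSI_DBM = -65      # "-65 dBm or stronger" from the post
MIN_HEARING_APS = 3     # "a minimum of 3 APs" from the post

def flag_hotspots(sightings, valid_bssids):
    """Apply the alert rule to per-AP sightings (hypothetical record layout)."""
    by_bssid = defaultdict(list)
    for s in sightings:
        if s["bssid"] not in valid_bssids:   # skip our own infrastructure
            by_bssid[s["bssid"]].append(s)
    alerts = []
    for bssid, rows in by_bssid.items():
        per_ap = {}                          # strongest reading per hearing AP
        for r in rows:
            per_ap[r["ap"]] = max(per_ap.get(r["ap"], r["rssi"]), r["rssi"])
        strongest = max(per_ap.values())
        if strongest >= MIN_RSSI_DBM and len(per_ap) >= MIN_HEARING_APS:
            alerts.append({
                "bssid": bssid,
                "ssid": rows[0]["ssid"],
                "aps": sorted(per_ap),
                "strongest_dbm": strongest,
                "clients": sorted({c for r in rows for c in r["clients"]}),
            })
    return sorted(alerts, key=lambda a: a["strongest_dbm"], reverse=True)

def obs(ap, bssid, ssid, rssi, clients=()):
    """Build one sighting record: AP `ap` heard `bssid` at `rssi` dBm."""
    return {"ap": ap, "bssid": bssid, "ssid": ssid, "rssi": rssi, "clients": list(clients)}

# Constructed sample data: MACs, SSIDs and AP names are made up.
VALID_BSSIDS = {"02:00:00:00:10:01"}
SAMPLE = [
    obs("ap-101", "02:00:00:aa:00:01", "AndroidAP", -58, ["02:00:00:cc:00:01"]),
    obs("ap-102", "02:00:00:aa:00:01", "AndroidAP", -63, ["02:00:00:cc:00:01", "02:00:00:cc:00:02"]),
    obs("ap-103", "02:00:00:aa:00:01", "AndroidAP", -71),
    obs("ap-101", "02:00:00:aa:00:01", "AndroidAP", -60),    # repeat report, same AP
    obs("ap-101", "02:00:00:aa:00:02", "MiFi-2", -55),       # strong, but only 2 APs
    obs("ap-102", "02:00:00:aa:00:02", "MiFi-2", -60),
    obs("ap-101", "02:00:00:aa:00:03", "CoffeeShop", -80),   # 3 APs, but weak
    obs("ap-102", "02:00:00:aa:00:03", "CoffeeShop", -78),
    obs("ap-103", "02:00:00:aa:00:03", "CoffeeShop", -82),
    obs("ap-102", "02:00:00:00:10:01", "School-WLAN", -40),  # our own AP radio
    obs("ap-103", "02:00:00:00:10:01", "School-WLAN", -45),
    obs("ap-104", "02:00:00:00:10:01", "School-WLAN", -50),
]

if __name__ == "__main__":
    for alert in flag_hotspots(SAMPLE, VALID_BSSIDS):
        print(alert)
```

Filtering on BSSID rather than SSID keeps a hotspot that copies the school's SSID name from being skipped as valid.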
10-08-2010 01:55 PM
Alternately, a less hostile approach would be to use AirWave's VisualRF component to locate these hotspot APs and send someone out to confiscate the device.
Coming in ArubaOS 6.0, these classification features are trickling down from AirWave into the controllers themselves. The possibilities will be slightly more limited but the result will be the same. In addition, we will be updating our containment technology to be able to reliably contain more of these devices simultaneously without interfering with authorized networks on the same channels.
10-09-2010 01:01 PM