When Enterprise WLANs Go Bad

The Marriott wireless debacle underscores the difficulty of managing WLANs, which are often neglected in the enterprise.

Michele Chubirka

February 2, 2015


When Marriott International recently abandoned its quest to block personal wireless hotspots on its properties, the Internet heaved a collective sigh of relief. The press and customers lambasted Marriott last year after it interfered with its guests' ability to use personal WiFi devices by classifying them as "rogue" and sending deauthentication packets to disconnect them.

Many demonized Marriott and its attempts to protect the airspace of its hotels and conference spaces from security threats and interference as another big, bad corporate giant taking advantage of the consumer. But it seems like the FCC has taken sides against Marriott's stance, issuing a statement last week that willfully blocking WiFi hotspots is illegal.

Poor enterprise wireless networks -- so maligned, so misunderstood. If you've ever had to manage a WLAN, it's easy to feel sorry for a hotel chain as it tries to provide ubiquitous, reliable, safe connectivity to customers. The wireless network is often more of an afterthought in an organization; you just plug in the access points (APs) and they work, right? Then, like a splash of cold water, the harsh realities of WLAN management surface.

There's the problem of interference from building materials, fixtures, and environmental surroundings. There's also congestion of the 2.4-GHz frequency, especially in urban areas. In addition to dealing with finicky legacy hardware, problematic software drivers, and interference from consumer WiFi equipment, WLAN managers fear being a sitting duck for every hacker with a Pineapple router running SSLstrip.

What every organization needs is a good wireless engineer, someone who is more magician than scientist. Managing those invisible radio waves flowing through the air often seems like some beautiful, dark art. While cajoling the WLAN frames through the air, there's less certainty than with wired switching; it's more of a suggestion.

Unfortunately, many can't afford a dedicated person to build or manage a wireless network. Moreover, quite a few network engineers are either mystified by the 802.11 protocols, or they treat wireless networking with disdain. This is the source of the problem. Maybe a consultant was hired when the equipment was first installed, but there's no money for training existing staff or to conduct site surveys to validate proper AP placement for optimal coverage.

Who has the knowledge, time, or energy to troubleshoot interference or disconnection issues with a spectrum analyzer, even if it's built into the AP? Forget about tracking down rogue APs or miscreants trying to hijack user connections, because remediating malware and mitigating attacks against the wired network is already a full-time job. The result is frustrated users, over-extended network administrators, and exasperated security analysts.

The problems with most wireless networks often lie dormant until an organization decides to undertake a BYOD project. Previously, any issues were merely subtle feelings of discontent that things weren't quite right. But underlying problems explode when personal devices belonging to staff, including senior leadership, invade the enterprise. There's nothing like watching a CIO have a meltdown when an old cached password on a tablet causes cascading account lockouts on his or her other devices.

While you may not be a fan of Marriott's attempts to control its WLAN, regardless of whether or not the aim was monetization, it's difficult not to identify with the company's plight. Wireless is a thankless endeavor. It's almost impossible to explain the physics of interference to users, who only know that they want all their devices to work NOW.

So let's resolve to give some much-needed attention to our underappreciated wireless networks. We need to understand that the WLAN is a parallel network in terms of the level of effort required, not just an extension of the wired network. It also needs special care and feeding due to the complexity of the physical behavior of radio waves. This means education and training for staff or outsourcing management of the WLAN.

Mobility initiatives demand that the wireless network be treated like a critical part of the infrastructure, not a postscript in the enterprise. By ignoring this and failing to add value to the business, IT groups risk becoming irrelevant in their own organizations.

Attend Michele Chubirka's live session, Demystifying Wireless Security Using Open Source Options, one of the dozens of learning opportunities at Interop Las Vegas this spring. Don't miss out! Register now for Interop, April 27 to May 1, and receive $200 off.

About the Author(s)

Michele Chubirka

Security Architect

Michele Chubirka, also known as Mrs. Y, is a recovering Unix engineer with a focus on network security. She likes long walks in hubsites, traveling to security conferences, and spending extended hours in the Bat Cave. She believes every problem can be solved with a "for" loop. She also hosts a podcast called Healthy Paranoia, a security feed of Packetpushers. You can find her blogs and podcasts at http://www.healthyparanoia.net or http://packetpushers.net/author/securityprincess. When not blogging or podcasting, she can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.
