EDUCAUSE Southwest Regional Conference 2005 FCC Rogue Access

EDUCAUSE Southwest Regional Conference 2005 FCC, Rogue Access Points, and Security: Can We Get There From Here? Copyright William Hargrove and Doug Jackson 2005. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors. William Hargrove Executive Director, Information Resources UT Dallas Doug Jackson Director, Technology Customer Services UT Dallas

Background l Wireless at UTD – Response to provisioning campus buildings/classrooms where wiring was too expensive or otherwise impractical. – Response to Student Pressure to Wire Apartments l Apartment Complex Challenge – No Campus Connectivity – Estimates to Wire Prohibitive

The Problem: l Apartment Network Instability – Frequent Equipment Resets – Unexplained Utilization Difficulties l We Discovered – “Malware” Running Rampant – Private Access Point Proliferation/Interference l Potential for Abuse – Common WEP Key – Authentication Spoofing

Initial Response l l Eliminate Private A/P’s Investigate Security Alternatives

Student Push-Back l l l FCC Rules Citations Posts to Discussion Groups Student Government Involvement

FCC Rules l l FCC Act of 1934 (47 USC, Sec. 1 et. seq. ) FCC 1996 OTARD Regulations (CFR Title 47, Sec. 1. 4000)

Over The Air Reception Devices OTARD l l Restrictions on Antenna Placement Effective January 22, 1999, the Commission amended the rule so that it also applies to rental property where the renter has an exclusive use area, such as a balcony or patio. On October 25, 2000, the Commission further amended the rule so that it applies to customerend antennas that receive and transmit fixed wireless signals. This amendment became effective on May 25, 2001. http: //www. fcc. gov/mb/facts/otard. html

More on OTARD l “The rule only applies to restrictions on property where the viewer has an ownership or leasehold interest and exclusive use or control. ” l CFR Title - Section 1. 4000 http: //wireless. fcc. gov/siting/otard. html

Exception? On the current record, we decline to extend the protections of our Section 207 rules to college dormitories. Purdue University argues that college housing is unique and, as such, should be exempt from our rules. Purdue Comments at 4. No one responded to Purdue's comments, and because no one has shown that a university has the same relationship to a dormitory resident as a landlord to a tenant, that a dormitory room is a leasehold, that landlord-tenant law applies equally to dormitories, or that the practical problems associated with extending our rules to leaseholds can be similarly resolved with respect to dormitories, we have no basis to cover college dormitories by our Section 207 rules at this time. Where, however, the relationship between a university and a viewer bears sufficient attributes of a commercial landlord-tenant relationship (e. g. , where a university leases a single family home to a faculty member), our Section 207 rules will apply. l 73 l http: //www. fcc. gov/Bureaus/Cable/Orders/1998/fcc 98273. pdf

Airports Hit Brick Wall in Regulating Unlicensed Radio l FEDERAL COMMUNICATIONS COMMISSION STAFF CLARIFIES FCC’S ROLE REGARDING RADIO INTERFERENCE MATTERS AND ITS RULES GOVERNING CUSTOMER ANTENNAS AND OTHER UNLICENSED EQUIPMENT l The FCC’s Office of Engineering and Technology says that the function of regulating and coordinating frequency use is reserved to the FCC itself. The report says in part, the FCC has exclusive authority to resolve matters involving radio frequency interference [RFI] when unlicensed devices are being used, regardless of venue. We also affirm that the rights that consumers have under our rules to install and operate customer antennas one meter or less in size apply to the operation of unlicensed equipment, such as Wi-Fi access points - just as they do to the use of equipment in connection with fixed wireless services licensed by the FCC. l http: //hraunfoss. fcc. gov/edocs_public/attachmatch/DA-04 -1844 A 1. pdf

Meanwhile, back at the university…

Problem? What Problem? UTD leases apartments to students and provides basic network connectivity for residents via Wi. Fi Some residents acquire & setup their own Wi. Fi Access Points (which are protected by the FCC) Other residents berate IT to provide better signal (I. e. - no interference) Frustrated residents then get their own AP’s & service (leading to more interference)

Solution? What Solution? a) Alter future lease contracts to disallow certain devices? b) Ignore the FCC, force rogues to be shut down (& blame it on the boss!)? c) Leave the students to their own devices? d) Ask the Navy to use FCC for target practice? ANSWER: NONE of the above!?

What is UTD Doing Now? a) b) c) d) e) f) g) Problem reported to Help Desk, preliminary analysis performed Computer brought to Helpdesk, Basic configuration analyzed Hardware tested in known environment (Help. Desk) Computer then tested at apartment by user Test with university equipment outside apartment Browse for rogue AP’s/networks Tell student no solution available from university

What are the Alternatives? a) b) c) d) e) Proprietary solutions Unauthenticated Disassociation 802. 11 a Wired service Remove all services

What Does the Future Hold? a) b) c) Europe has Wi. Fi and cellular jammers available for use in locations such as restaurants, theatres, churches, etc. (FCC does not allow this in USA) Potential impacts include social changes, metro vs. corporate networks co-existing, “free” vs. commercial services… This is an issue that will need to be addressed and has no clear precedent.

What Do YOU Think?