Posted by: jasonk2600 | December 11, 2009

Wireless Security and RF Surveys


Wireless access points can give rise to major computer network security concerns.  Should your organization decide to implement wireless networking, it is important to verify that the access points (AP’s) are operating as expected.  Utilizing wireless networks increases the organization’s attack footprint, making it vulnerable to war driving and potential attack.  WiFi can also extend the network beyond the physical boundaries of your location.  Surveying radio frequency (RF) signals at your location verifies that the AP’s are operating as desired.  The information collected from the survey can also alert you to any unauthorized AP’s, peer-to-peer wireless networks, or clandestine RF transmitters (corporate espionage).  These potential vulnerabilities make a RF survey useful even if your organization has not implemented wireless networking.  This document will cover the very basic steps of conducting a RF survey of wireless networks.


Required Equipment 

A basic RF survey is inexpensive and fairly simple to carryout.  Only a few tools are required; a frequency counter, a directional antenna, and a WiFi enabled laptop.  The pictures below show an example of a mobile frequency counter and a directional antenna that has been tuned for the 2.4GHz band.


Optional Equipment

To further examine the results of the basic RF survey a radio scanner with discriminator output and signal analysis software can be used to identify what information is being transmitted over the air.  An portable spectrum analyzer can also provide additional detail on the types and frequencies of radio transmissions present at your site.  The pictures below show a mobile trunk tracking scanner that is capable of discriminator output and the second picture shows a portable RF spectrum analyzer.


Surveying RF Radiation Sources

Begin surveying the grounds of your organization from the outer perimeter of the property.  Work your way towards the center of the property in the manner of a spiral.  Make sure to keep the directional antenna pointed towards the center of the property and constantly monitor the frequency counter for any hits within either of the WiFi spectrums (2.4GHz and 5GHz).  Plotting the points at which you are able and unable to detect your access points’ signal will provide you a map of the virtual boundaries of the wireless network.


Tuning WiFi Signal Strength

The map that was created from the previously mentioned RF survey can be used to properly tune your access points’ signal strength.  As a result of the survey, it may be necessary to add additional AP’s to provide wireless network access to areas of the organization that do not receive sufficient signal strength.  On the other hand, any WiFi signals that reach beyond the physical boundaries of the organization are unnecessary and open the network to war driving and subsequent attacks.  Many access points will allow the end-user to adjust the output power of the onboard radio.  If this is not possible then consider moving the access point(s) to a different location, deeper within the confines of your organization’s building.


Sweeping for Rogue Wireless Access Points

WiFi access points have become cheap and abundant and thus present the risk of someone connecting a rogue AP to your network.  To begin sweeping for rogue AP’s disable or power down all of your legitimate access points and survey the property again for an WiFi radio signals.  A portable spectrum analyzer with a directional antenna makes tracking down a rogue AP simple.  Follow the unauthorized WiFi signal as it gets stronger and stronger until the AP has been located.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: