Apologies in advance if this may not quite be the proper list for such a question... My company is investigating the use of wireless in a couple of our conference rooms. Aside from limiting the scope of reception with various directional antennae, does anyone have any suggestions or pointers for other ways to limit the propagation of signals (i.e. special shielding paint, panels or other wall coatings)? Feel free to reply off-list. Thanks! Andy --- Andy Grosser, CCNP andy at meniscus dot org ---
Unless you are looking to isolate a small box for such purposes as testing RF devices, I would not use a shielding technique to limit access to your wireless network. Containing 2.4GHz signals within a room of any reasonable size is extremely difficult. You would probably have to cover it with a double-walled, seamless sheet or fine grid of conductive material. Any holes, cracks, windows, or doors are likely to blow the whole deal. I'd recommend using both WEP and an encrypting VPN if you're worried about people getting on your network. Also make sure to turn off SSID broadcasts. Planning on limiting signal using a physical mechanism of some sort's just a little too scifi to be useful. Cheers, Doug On Wed, 26 Nov 2003, Andy Grosser wrote:
Apologies in advance if this may not quite be the proper list for such a question...
My company is investigating the use of wireless in a couple of our conference rooms. Aside from limiting the scope of reception with various directional antennae, does anyone have any suggestions or pointers for other ways to limit the propagation of signals (i.e. special shielding paint, panels or other wall coatings)?
Feel free to reply off-list.
Thanks!
Andy
--- Andy Grosser, CCNP andy at meniscus dot org ---
On Wed, 2003-11-26 at 12:01 -0500, Andy Grosser wrote:
Apologies in advance if this may not quite be the proper list for such a question...
My company is investigating the use of wireless in a couple of our conference rooms. Aside from limiting the scope of reception with various directional antennae, does anyone have any suggestions or pointers for other ways to limit the propagation of signals (i.e. special shielding paint, panels or other wall coatings)?
Unless you are going to convert the conference room into a Faraday Cage to block all radio transmissions in or out, it's not going to be worth the effort. And of course, a faraday cage will block cell phone reception as well. You probably better off putting the access points in a DMZ type subnet and using VPN to access the main networks. Enable WEP and shutdown SSID broadcasting. If the radios of the access points can be controlled, reduce the transmission power to limit signal propagation. -- Stephen L Johnson stephen.johnson@mail.state.ar.us Unix Systems Administrator sjohnson@monsters.org Department of Information Systems State of Arkansas 501-682-4339
Andy Grosser wrote:
My company is investigating the use of wireless in a couple of our conference rooms. Aside from limiting the scope of reception with various directional antennae, does anyone have any suggestions or pointers for other ways to limit the propagation of signals (i.e. special shielding paint, panels or other wall coatings)?
Andy, What is wrong with the 'good old' 802.1x with EAP or WPA solution? -- Marco
Andy Grosser wrote:
My company is investigating the use of wireless in a couple of our conference rooms.
* marco@sara.nl (Marco Davids (SARA)) [Wed 26 Nov 2003, 21:30 CET]:
What is wrong with the 'good old' 802.1x with EAP or WPA solution?
There is a difference between keeping signals from leaking out, and keeping them from leaking out in decipherable form. In some situations the latter may be enough - hopefully it will be if you need to be "out" and still have signal. In other situations even that will be undesirable. I'm aware of at least one regular office building here that has extremely poor wireless (802.11b) reception through real walls. No idea how that was established, however, though I do believe it was done on purpose, and from Andy's story it seems as though it wouldn't have been enough anyway. Regards, -- Niels.
Speaking on Deep Background, the Press Secretary whispered:
My company is investigating the use of wireless in a couple of our conference rooms. Aside from limiting the scope of reception with various directional antennae, does anyone have any suggestions or pointers for other ways to limit the propagation of signals (i.e. special shielding paint, panels or other wall coatings)?
As I told Andy, you need a "RayProof" or similar brand shielded conference room. This is Faraday Cage, with a tight-fighting door, etc. I don't know what they cost, but I've installed one or 2. Outside of labor, I suppose they might be in the $50-500K range or so, for small (12'x6') ones. Note it's a PITA to keep tight; as the door needs very tight-fitting gaskets. You'll need to bring phone/Ethernet in over fiber, but that's not hard. -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
On Wed, 26 Nov 2003, David Lesher wrote:
Speaking on Deep Background, the Press Secretary whispered:
My company is investigating the use of wireless in a couple of our conference rooms. Aside from limiting the scope of reception with various directional antennae, does anyone have any suggestions or pointers for other ways to limit the propagation of signals (i.e. special shielding paint, panels or other wall coatings)?
As I told Andy, you need a "RayProof" or similar brand shielded conference room. This is Faraday Cage, with a tight-fighting door, etc.
Uhm, dumb question. If it is that important, why are you using wireless at all? Why not install a cheap switch/hub in the middle of the conference table and let people plug a patch cord from the hub to their laptops? Stupid pen-test tricks, instead of using an expensive WiFi scanner and cracking WEP; often you can collect better intelligence with a radio turned to the frequency used by wireless lapel mics used by executives during briefings.
Speaking on Deep Background, the Press Secretary whispered:
Uhm, dumb question. If it is that important, why are you using wireless at all? Why not install a cheap switch/hub in the middle of the conference table and let people plug a patch cord from the hub to their laptops?
I have to agree. It's really insane to use the least-secure technology possible, and then spend a forture making it safe. Is the OP working at a Beltway Bandit, perhaps ;-? Plus, it only makes sense to run Wiremold w/ outlets down the table so users can plug in; it's not Rocket Science to provide a parallel run of Ethernet jacks... -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
At 9:51 PM -0500 11/26/03, Sean Donelan wrote:
On Wed, 26 Nov 2003, David Lesher wrote:
Speaking on Deep Background, the Press Secretary whispered:
My company is investigating the use of wireless in a couple of our conference rooms. Aside from limiting the scope of reception with various directional antennae, does anyone have any suggestions or pointers for other ways to limit the propagation of signals (i.e. special shielding paint, panels or other wall coatings)?
As I told Andy, you need a "RayProof" or similar brand shielded conference room. This is Faraday Cage, with a tight-fighting door, etc.
Uhm, dumb question. If it is that important, why are you using wireless at all? Why not install a cheap switch/hub in the middle of the conference table and let people plug a patch cord from the hub to their laptops?
Stupid pen-test tricks, instead of using an expensive WiFi scanner and cracking WEP; often you can collect better intelligence with a radio turned to the frequency used by wireless lapel mics used by executives during briefings.
Or by lecturers forgetting them as they went to the bathroom. I only did that once.
"Howard C. Berkowitz" wrote:
Stupid pen-test tricks, instead of using an expensive WiFi scanner and cracking WEP; often you can collect better intelligence with a radio turned to the frequency used by wireless lapel mics used by executives during briefings.
Or by lecturers forgetting them as they went to the bathroom. I only did that once.
[New Yorker cartoon of years gone by about the early shoulder-cameras the CreepyPeepy]
At 9:06 PM -0500 11/26/03, David Lesher wrote:
Speaking on Deep Background, the Press Secretary whispered:
My company is investigating the use of wireless in a couple of our conference rooms. Aside from limiting the scope of reception with various directional antennae, does anyone have any suggestions or pointers for other ways to limit the propagation of signals (i.e. special shielding paint, panels or other wall coatings)?
As I told Andy, you need a "RayProof" or similar brand shielded conference room. This is Faraday Cage, with a tight-fighting door, etc.
I don't know what they cost, but I've installed one or 2. Outside of labor, I suppose they might be in the $50-500K range or so, for small (12'x6') ones.
Note it's a PITA to keep tight; as the door needs very tight-fitting gaskets.
You'll need to bring phone/Ethernet in over fiber, but that's not hard.
If you do put one in, and your local laws don't prevent smoking, make it an absolutely no-smoking area. Ventilation tends not to be wonderful. I was once attending a Federal Telecommunications Standards Committee meeting, where we were displaced from our regular conference room and given a SCIF vault/conference room. It was stuffy enough as we met for a couple of hours, but as we adjourned, the NSA representative lit a cigar. That's when we found out that the vault door was jammed. No simple cipherlock. Full combination lock. Trust me. Do not ever get in a mostly-sealed room with a dead cigar and some smoke remnants. When we got out, maybe two hours later, our faces matched the government green [1] walls. If this hadn't been in the then-Defense Communications Agency headquarters with resident locksmiths, I don't know how long we'd have been there! Seriously, give ventilation a lot of thought. You'll need ducts with grounded screening and lots of 90-degree bends. Also, consider having a kick-out panel for emergency escape. Even without high-security locks, I've seen the gasketed doors get stuck just in shielded labs. Think of fire protection -- you really don't want a fire suppression gas release in a vault. [1] I believe the proper descriptor for that shade of green is "gang".
There is an adage in the Wireless industry. If it will hold water it will hold RF Energy. Unfortunately this is true and the only method by which you can prevent the egress of 2.4 GHz signals from a defined area is by the use of a faraday cage and since the wavelength is short you need a very fine mesh screen or solid metal walls. This is expensive. If you really want to use wireless I would recommend a VPN solution with the authentication being a one time password solution. i.e. SecureID Scott C. McGrath On Wed, 26 Nov 2003, Andy Grosser wrote:
Apologies in advance if this may not quite be the proper list for such a question...
My company is investigating the use of wireless in a couple of our conference rooms. Aside from limiting the scope of reception with various directional antennae, does anyone have any suggestions or pointers for other ways to limit the propagation of signals (i.e. special shielding paint, panels or other wall coatings)?
Feel free to reply off-list.
Thanks!
Andy
--- Andy Grosser, CCNP andy at meniscus dot org ---
participants (10)
-
Andy Grosser
-
David Lesher
-
Doug Luce
-
Howard C. Berkowitz
-
Laurence F. Sheldon, Jr.
-
Marco Davids (SARA)
-
Niels Bakker
-
Scott McGrath
-
Sean Donelan
-
Stephen L Johnson