Ask Engadget: block WiFi the right way
by Ryan Block 
posted Mar 30th 2006 at 6:39PM
It's time once again, everyone
for another round of Ask Engadget! This week we've got a special surprise -- the long sought after and fabled Ask
Engadget email address. Ready for it? Send your questions to ask at engadget dawt com and we'll take
it to the court of public opinion once weekly, as usual. Last time Nick B wanted to know what's up with
digital camcorders, this week Brian C wants to know how to RF sheild WiFi:My company uses WiFi to share internet throughout our small building, but there are literally dozens of other wifi signals around that are messing with ours, leading to flaky and unreliable connections. We've tried getting bigger antennae, which worked for a while, but now the problem is back. Does anyone know of a way to (legally) shield our building from other wifi signals so that we can connect to ours on peace?
Great question Brian, we've heard of a few solutions ourselves, but we'll let the voice of the masses take it away on this one.
Reader Comments (Page 1 of 2)
Alex @ Mar 30th 2006 6:44PM
1st post
Paul @ Mar 30th 2006 6:53PM
If you use Intel based wireless cards (pci ones, built-into centrino notebooks for example), you can use the Intel Pro wireless software to define preferred networks, and networks you wish to block and never connect to. I think some sort of a software to do this for other cards should be available as well.
eric @ Mar 30th 2006 6:55PM
I'm assuming you're using something other than the default channel for your wireless, and you have your own SSID that is not broadcasted and you're using at least WPA2, right?
Paul @ Mar 30th 2006 6:57PM
See also
http://www.forcefieldwireless.com/index.html
Dan Fishkin @ Mar 30th 2006 6:58PM
hello Brian, what you might want to do, rather than blocking out the connections...is to just not have any assisiation with them. what i mean by this is to not be connected with them. you could do this by adding a Password to your wireless internet router, then all computers would need a password in order to have any interference with your router whatsoever. As for your computers, you can make a profile on your wireless card program (the software that comes with most wireless adapters) this way your computer would only look for that connection, having the password incorperated with this would only make it harder for interference. if that doesnt work i would recomend swiching to a g router, i am assuming you would only get so much interence on a a/b router. try this out it should work. hope to hear from you soon.
Dan
wasabi @ Mar 30th 2006 7:00PM
how about wrapping the place up in tinfoil?
its a small building right? ;)
havanahjoe @ Mar 30th 2006 7:01PM
I don't think the problem that they are having has to do with a space filled with SSIDs. The problem is interference and sadly there are only 3 overlapping channels that can be used reliably for 2.4 Ghz wireless networking which would be channels 1, 6 and 11. Any other channel in between will cause interference (2 will interfere with 1, 4 will interfere with 1 and 6 and so on).
The best solution would be to do some frequency planning, but since everyone can put up their own AP now it's almost imposible to do. Best things to try at first are to move off Channel 6 which is the default on most devices. Try 1 and 11. If that doesn't work then some shielding will have to be installed in windows or walls.
Use Netstumbler to find the offending signals, find the channels and try to determine where they are coming from. Once the strongest ones are found, install something to shield the office from that signal.
If a bigger antenna helped, then that means that the source signal is kind of weak. Installing backup APs in other parts of the building will help, and the best thing to do is use a better grade radio if the company relies on its wireless network. Consumer ones are not that reliable, but commercial grade are more expensive.
havanahjoe @ Mar 30th 2006 7:03PM
802.11b is more stable. Interference is more problematic on G than it is on B.
Chris Ribe @ Mar 30th 2006 7:09PM
Most wireless routers come with ports on the back that allow you to "tunnel" the signal through 4 twisted pairs of copper. The twisting in the wires cancels out interference from other networks.
Of course, to use these "direct antennae ports" you need to build a special bipolar antenna. This can be done with some Cat 5e and a couple RJ45 connectors.
RogueStorm @ Mar 30th 2006 7:21PM
You really will have to look at the signals in the area and "tune" your WAPs for better connectivity. First off, adding a larger antenna probably only caused more interference with the other wireless networks in the area, so they did the same and now you're back at square one. You should first look at turning down your signal strength to what is absolutely necessary to cover your work areas. You may have to add more APs to cover certain areas, but that's perferable anyway. Second, seriously consider holding a meeting with the other wireless network owners in the area and work out agreements on channel space. As stated above, there are lots of overlapping signals, but if it can be planned so that you're not all encroaching on eachother, you'll all be better off. You might also encourage your neighbors to lower their signal strength as well. Finally, look for other forms of interference. Often times, microwaves, cordless phones, etc. can screw up your signal as well. You might want to look for several products on the market that will work with a PocketPC and allow you to map out the signals in the area and track down your problems.
Jasper @ Mar 30th 2006 7:25PM
You have two solutions - both involve additional cost:
1. Use 802.11a. Many people underrate this and not use it. But it actually offers a few benefits over b/g.
2. Upgrade your WLAN system to a better one that supports rogue detection and prevention, including dynamic radio management to manage power levels of your individual APs. Smart decentralised wlan solutions these days will manage everything from which channel to use, as well as crank up the power levels on each AP to suit. The benefit of these expensive systems is that each of your APs will adjust the RF channel based on new APs that encroach on your RF space.
There are probably more solutions, I haven't thought of them yet.
Matt @ Mar 30th 2006 7:29PM
lead paint
jdh @ Mar 30th 2006 7:47PM
Try using the 802.11A band. The unlicensed 5GHz band isn't nearly as crowded. It's just a little more expensive and probably a hassle to get everyone a/b/g cards, but no more so than wrapping an entire building in brass mesh or 3" of lead. A shame about that whole 'go to jail' thing for jamming signals.
Walt_Mink @ Mar 30th 2006 8:15PM
I just finished installing a company wide 3com WX1200 managed access point system. I have the one wireless switch and then six MAPs (Managed Access Points) attached to the switch with ethernet and PoE. The cool thing about this particular switch is that it will automatically RF hop around rouge (to you) APs and tune the network optimally. It wasn't outrageously expensive either - $4,800 for the whole rig, I think.
Spyvie @ Mar 30th 2006 8:15PM
This is not the solution you asked for but whats wrong with Ethernet? A cat5 network is easy to set up, cheaper, faster and more reliable than WiFi. The routers cost less and the adapters are built-in to most motherboards.
WiFi is great for portable computers but its not even close to the best way to network desktops.
George @ Mar 30th 2006 8:19PM
Break out kismet and do some scanning, or you could buy one of those $8000 fluke networks wireless analyzers. Those things are great, I used one at work and it was a lot nicer than trying to fiddle with kismet to get it working.
chris @ Mar 30th 2006 8:36PM
this one is simple
build yourself a Faraday Cage
http://en.wikipedia.org/wiki/Faraday_cage
emm @ Mar 30th 2006 8:41PM
use copper tubing. its supposed to block radio frequencies. or a faraday cage like the previous poster.
also, have you thought about wired internet? im assuming its mostly desktops there. or a port replicater with ethernet for on the desk?
Tom @ Mar 30th 2006 8:50PM
If you building is so small why don't you just use ethernet?
Mr Shield @ Mar 30th 2006 9:02PM
So the question as asked was "how to RF sheild WiFi".
The answer is metal - be it tinfoil, lead paint, brass mesh, 3" lead shielding, faraday cage, or copper tubing. Metal blocks wireless signals because metal conducts electricity - when the EM signal hits the metal, it induces surface currents on the metal.
One potential drawback to shielding out RF signals is that your cell phones might stop working at your desks.
If you don't want to shield, there are a lot of good suggestions here - stronger radio, wired ethernet (cheers to "Chris Ribe" for his clever and amusing post), 802.11A, 802.11G, frequency management.
Another alternative is to build yourself waveguide antennas. These will help make the signal directional. You could put them at the source access point and point them to your computers or - put them on your computers and point them to the access point.
http://www.turnpoint.net/wireless/cantennahowto.html
Imagine how sweet your office would look with cans of "big chunk" at everyone's desk, dangling from their computers.
Mastershake @ Mar 30th 2006 9:03PM
There is special paints and Stickers you can use to keep signal out. You can use a Product called Air Fortress to secure yourself from others, its the only fips 142 compliant solution, my company sells that by the way. There is a good chance your interference is due to things such building structure and microwave ovens. Another company whose products we use and sell is AirMagnet. They even have a great Spectrum Analyzer card that can determine pretty much what is causing any of these problems. Thier other product can literally let you track AP's usually rogues right to the source with a PDA or Laptop. My security Eng.'s use these products all the time, and I can assure you having been in an electronic warfare unit in the Army I am not just trying to sell this stuff. It is the best, check Gartner if you like. If you want more info, you can email me. I hope engadget doesn't mind rdouglas@fusionstorm.com "The net is vast and infinite, and though information should be free..it is not. Knowledge is the power and currency of the virtual world."
tyler @ Mar 30th 2006 9:27PM
Cover the outside of your building in brass mesh.
John @ Mar 30th 2006 10:23PM
CHICKEN WIRE!
Chris @ Mar 30th 2006 10:41PM
"Most wireless routers come with ports on the back that allow you to "tunnel" the signal through 4 twisted pairs of copper. The twisting in the wires cancels out interference from other networks.
Of course, to use these "direct antennae ports" you need to build a special bipolar antenna. This can be done with some Cat 5e and a couple RJ45 connectors."
bfbwhahahahhaaa thats damned funny!
and #5, get a clue. no, really.
out side of weird construction projects (faraday cage? special paint?) or tossing large money at it ($5k for managed wifi?) and assuming you've already switched off channel 6 and config'd your clients not to accept any 'ol AP by default, I'd say switching tech is about all you got. Going to A might be better than b/g, but at the cost of a shorter range and a lot less selection of equipment. going wired for the critical systems is a sure fire fix, but making it look nice is also going to cost some cash, up to $100 a port once you figure in cable (10 cents a foot, or 20 if plenum is needed, look it up to see if you need it) jack boxes, jacks, face plates, and wire pulls in walls or those plastic wire channels that you can stick on. nickel and dime stuff, but it will add up fast, and can be time consuming so if you hire someone it might cost even more. the biggest benifit of going wired though is that you would then have gigabit as an option, and no one can deny that faster is always better :D, not to mention that it will increase the value of the office space.
OddManOut @ Mar 30th 2006 10:59PM
No real suggestions about shielding (I would have suggested faradaying the whole building, but it's ridiculous and more importantly taken). But as for addressing your connectivity issue in the larger sense, I agree with the others that simply using wires is probably best.
While running Cat5e is of course the best (as it will carry your building on up through the days when gigabit ethernet becomes common) you have a few other options.
Powerline (or Homeplug) will allow you to use the eletrical wiring in your building to carry your data signal (though it will not run any faster than 10mbps).
HPNA 2.0 will run the data signal over the phone lines (but will not require filters or interfere with DSL). It also will not EVER go any faster than 10mbps (more like 5mbps). I personally use this in my house where wifi is problematic.
Both those standards/technologies are about 5 years old (and to use them you'll need new NICs and a bridge or two). Newer versions have been designed that run faster, but because of the prevelance of wifi, they never became very popular.
As stated Cat5e would be best, but if you only need to connect 5 - 10 offices in a concrete building (ie one in which installing new wiring would be prohbitively difficult/expensive) and don't need to do too many large file transfers, either HPNA or Powerline might be simple and effective solutions, if not ideal.
But if you think either of these sounds good, do a little research.
Ganbate!
Gamer0808 @ Mar 30th 2006 11:13PM
What if I want to block or jam WiFi. I dont want people in my building to be plugging in a AP. I have alot of remote sites so it is hard to monitor them all all the time. Anyone have a solution to monitor and or block this?
Magneto Man @ Mar 30th 2006 11:59PM
If you want to keep yuor neighbors off of your networks and your employees off of neighboring networks, you need to look at WiFi Watchdog from Newbury Networks in Boston, MA.
It is a software product that leverages existing Cisco WiFi infrastructure you may already have and will ensure your employees stay on only your Wi-Fi network, and keep other neighboring Wi-Fi users off of your network. The WiFi Watchdog software runs on a central server and can even work to separate your WLANs from neaighboring WLANs even if your business occupies non-contiguous floors in a building (eg., 3rd, 10th & 25th).
It's quite simple to use, and when tested by a special squadron of the US Airforce that specializes in electronic warfare, they couldn't hack it.
Additionaly, it can real-time track the precise physical location of all devices in and around your facilities.
Based on what you describe, it's worth checking out.
Chris @ Mar 31st 2006 1:02AM
As previously stated, RJ-45/Cat5e is always the best solution - you're preapared for the future (the immediate future (gigabit), and offering the highest speed to your desktop systems; and any critical systems (servers).
Anything else, should be wireless (namely laptops), and you're stuck with just curly pointed antennae, and lining the walls with platnium (or a less conductive metal).
-Chris
Bhavin Rokad @ Mar 31st 2006 2:05AM
802.11a ??
warmcola @ Mar 31st 2006 2:52AM
in regards to building a faraday cage: if you really are concerned with blocking out other signals and keeping your signals internal this option is one of the most extreme in my opinion, but also by far the most effective. this would have to be done as part of a renovation. the copper mesh like material can easily be integrated into walls (adhere to sheet rock, etc.). Special window panes can also be purchased that have the material in between 2 panes of glass (not noticeable at all). Drawbacks: nonexistent cellphone coverage, high cost, overkill. A good example of "faraday cage" usage would be that of the pentagon, who recently (last 5-6 years) has put these materials into place as a means to beef up security.
cd @ Mar 31st 2006 3:24AM
switch your wlan-router to a european setting, or get yourself a german or france firmware. there will be some additional channels (12 - 15), that nobody around uses. have fun
Nick @ Mar 31st 2006 6:33AM
Yep - its called Ethernet
Josh Butler @ Mar 31st 2006 6:37AM
Is it a multitude of small businesses whose signals are interferring? If so, why not try to get together and sort out one single network that you all share - could cut costs as well as lower the amount of radio traffic bouncing around.
MoreAss @ Mar 31st 2006 6:42AM
How about talking to your neighbors?
Use Netstumbler to find the signals origin, perhaps agree on some channel allocation and maybe some foil to redirect unnecessary bleed.
And should a new signal move in - you know have a local nerd militia at your disposal.
D. Stozinic @ Mar 31st 2006 8:00AM
The only way to get away from the interferance of other wifi signals is to get away from their frequencies. Setting filters, changing channels etc. is all a waste of time.
The best way to do this is change over to the 5.x GHz frequency. Unless anyone else is using this technology you shouldn't have any furhter interferance.
However, this does add some additional cost to the solution.
Good luck.
christopher @ Mar 31st 2006 8:36AM
I dunno if cost is all that high. It's not a DIY project for your home but a company can absorb it. $600 for a 25X10 wall is our most recent quote; you do NOT want RF leakage to occur near, say, automated product lines, or your Viagra might be a small blue pill of wild side effects. The cost seems reasonable for what we need it to do.
-C
En_croute @ Mar 31st 2006 8:49AM
Homeplug now offers a 64mb connection to run ethernet via the power supply. It drops to about 1/2 that on a extension and not on the ring main, but could be worth looking at.
mark @ Mar 31st 2006 8:58AM
fill your office with cats
Ted @ Mar 31st 2006 10:20AM
I had the same problem in our office building. We are on the 4th floor of a 5 story building and occupy the entire 4th floor (approx 100' x 100').
We have executives that are constantly moving from offices to conference rooms and require a wireless connection at all times. Our laptop wireless people (8 in all) were getting dropped 3 to 5 times a day. I tried every configuration I knew with our existing wireless access point and finally guessed that it was a combination of Wireless routers in other businesses on other floors, as well as low signal strength from our router.
We purchased a new Belkin Pre-N wireless router and got rid of our access point ($89 cost - I was sorta sold on the whole %800 range increase). I configured the router per it's instructions to be strickly an access point (we already have a router).
I then used a program called NetStumbler on one of our wireless laptops to scan and get channel info on all wireless networks within range, such as CHANNEL and SIGNAL TO NOISE. Channel 6 was unused, so I set it to that channel and configured all of the new laptops to talk to the Belkin Pre-N with their existing internal wireless cards ( I know they won't be getting that 800% range because their not PRE-N as well, but the reception was improved no the less)
I've been running on this configuration for a few weeks, and while we still have the occasional employee getting dropped, the frequency has been reduced by 90%.
Also, as a side note, I remember reading an article in Engadget a few weeks back stating that Belkin Pre-N wireless routers cause interference with other wireless network devices that are not PRE-N. All I can say is, "O well, too bad for the other floors in our building, because my wireless network is working much better now, for under $100 bucks".
:) Ted
Ted @ Mar 31st 2006 11:08AM
By the way, The other Engadget article talking about the PRE-N router above is here:
http://www.engadget.com/2006/03/14/airgo-claims-current-802-11n-specs-interfere-with-802-11b-g/
:)
sam i am @ Mar 31st 2006 11:14AM
#30, he wants to do it leagaly, using euopean channels will just get him in trouble with the gov't
John @ Mar 31st 2006 12:40PM
I will add a link to my company's web page.
http://www.orient-america.com/products7.htm
We are developing a "sheild" for rfid smart cards that seems to work for wifi as well. This film can be used to make curtains, wallpaper, incorporated into drywall, ect. Developed by our home office in Osaka. We are currently offering rolls of this film to contractors and interior designers in Japan.
Consider one problem with all "Faraday Cage" solutions, Cell Phone reception.
Nate @ Mar 31st 2006 1:08PM
Most suggestions above are great. However, here is my 2 cents as a Network Engineer.
Wireless is too insecure for corporate networks!
If you do insist (or are required to use wireless based off space and the like), I'd suggest getting someone who is proficient in wireless secured networks to come down and fix this issue. First off, you need to secure your wireless network as much as possible. Even then, the FBI has proved that it's possible to crack even 256-bit encryption, so use as much security as you possibly can. Second, see if you can find 3rd party software to block out any wireless SSID's from being associated with. Microsoft's version of wireless connectivity is a joke. It has virtually no security and very little control. Finally, if you have already paid the cost of your wireless implementation, there are additional costs associated with upkeep such as auditing and IDS. Look into it and see what can financially work for your company.
Just my 2 cents. Good luck!
Michael @ Mar 31st 2006 1:58PM
#40 Most suggestions above are great. However, here is my 2 cents as a Network Engineer.
Wireless is too insecure for corporate networks!
-----------------------------
Microsoft uses Wifi across their campus... and have done a good job of securing it.
Nate @ Mar 31st 2006 3:24PM
41. #40 Most suggestions above are great. However, here is my 2 cents as a Network Engineer.
Wireless is too insecure for corporate networks!
-----------------------------
Microsoft uses Wifi across their campus... and have done a good job of securing it.
-----------------------------
Yes, however, they have "experts" relative to the wireless process. They also probably locked down the wireless infrastructure. I'm assuming we're trying to assist a rather small business, thus the topic.
Gadget @ Mar 31st 2006 3:33PM
When you have dozens of APs beaconing, the channel trick is a little more difficult, but I have been able to "help friends and neighbors live together in harmony" by logging onto APs with their default PW's and remapping them across the three non-conflicting channels 1 6 and 11.
The trick, and pay attention script kiddies, is to put your "friends" primary AP on channel 11 as it has a few more milliwatts than the other channels. The next best channel is 1, as most routers default is a noisy 6.
For extreme situations use French firmware and place the gear up at channel 14. If you hate the French, who doesn't, then use other Euro firmware but not from Spain. No, I don't hate the Spaniards, they just only support channels 10 through 14, so you'll miss out on the open AP's on channel 6 when you roam. Note that if you have a (rare) high power card (above 100mw) this firmware will power down your card to 100mw, but most of the Linksys cards are 40mw anyway...
Mastershake @ Mar 31st 2006 4:30PM
wireless can be secured. Check out Fortress Technologies, believe me you are not getting in. That is why the fed.s use it, top secret military programs use it, etc. As for knowing where all AP's are and what is going on with them, especially rogues you didn't know you had, or other peoples rf, it's AirMagnet all the way.
If your AP is available at Best Buy I can get in, in under 2 minutes, and that holds true for most enterprise class AP's as well.
Patrick @ Mar 31st 2006 5:41PM
Haven't you seen the movie starring Will Smith/Gene Hackman, called Enemy of the State?
Chickenwire cage is the way to go.
Nick @ Mar 31st 2006 7:13PM
The solution to your problem is simple and cheap. Just a trip to the thrift store, plus some sheet metal, will produce a viable solution. All you need to do is buy a microwave oven and pull out the magnetron and other dangerous bits and mount the magnetron in a 2.4 GHz horn antenna. Just pull out in front of your neighboring businesses on a weekend (don't want to give anyone inside cataracts), plug the magnetron into your 1 kW inverter (every self-respecting geek should have one), point the antenna at the likely place of the rogue AP's, and turn it on. The RF will fry the reciever and likely the transmitter, as well.
Problem solved ;)
Rory Conaway @ Mar 31st 2006 11:46PM
The answer is to move off of 2.4GHz and move into 802.11a. The second answer is an active attack system but as fun as that sounds, move up to 802.11a, much cheaper.