Hello! Welcome to our fifth WiFi Ninjas Podcast episode 🙂
We are proud to announce, that in this first WiFi Ninjas interview we’ve had a total pleasure speaking with a proper legend of the WiFi industry – Eddie ‘Bad-Fi’ Forero!
Eddie requires no introductions but if for some reason you don’t know Eddie yet, we’re sure you’ve heard of his creation called badfi.com 🙂 He’s also an amazing speaker and teacher, educating tons of fellow wireless enthusiasts from all around the world. Follow Eddie on Twitter @HeyEddie.
We thought we would use this opportunity to discuss the best ways to completely kill your wifi, how to avoid common mistakes and what to look for in this tricky wireless world.
Here is what we have discussed:
- Bad AP Position, Model, Surroundings, Antenna Choice
- Two APs right next to each other – does this = high density?
- AP behind metal cage – this makes it secure right?
- AP wrapped in a kitchen foil = ready to be baked?
- Problem? Add more APs!
- Hide that AP – preferably behind metal mesh ceiling panel or a concrete wall
- Mount the AP so it could be unmounted easily – plastic straps or hanging off the cable are great
- Mounting internal omni AP outside? Put it into a document film cover and hang on the screw 30m above the ground
- AP painted with metal paint – to fit better with surroundings
- APs mounted under the false metal floor – at least it’s accessible!
- Bad Radio Config
- Low Data Rates are your friend
- Always use 40MHz 2.4GHz / 160MHz 5GHz in high density
- Are channels 1, 6 and 11 used? Use channel 8!
- Always use Max Tx
- Set RX-SOP to high values to ensure your clients drop off mid-roaming
- Always stick to UNII-1. Even with no DFS nor neighbours
- Bad Experience:
- Captive Portal with short session timeout – having to constantly re-log in is fun though?
- Don’t use 802.11r, v and k – it’s dark magic
- Got Apple devices on Cisco network? Don’t enable Fastlane
- Never use QoS
- Rate limit users and SSIDs, with ultimate choice being disabling high data rates
- Want to be real secure? Hide that SSID and implement MAC filtering. Make it open.
- Open plan building so not many APs and 200 clients connected to 1 AP – but coverage is goooooood
- Bad Security
- Make that roaming blazing fast with 802.11r on WPA2-Personal
- Use WEP and WPA, never WPA2 nor WPA3 when it comes out
- Encourage connecting rogue APs by offering bad corporate WiFi experience and not securing physical ports
- Don’t validate server cert – mutual auth is an enemy. Bah, steer clear away from 802.1x
- Don’t waste guests’ time with content filtering
- Allow p2p in public SSID. And don’t block access to RFC1918
- Ever considered managing your infra via wireless? Make sure to leave default passwords on
- Don’t call Eddie or WiFi Ninjas and simply enjoy the bad wifi experience! 🙂
And that’s it! We hope you’ve had as much fun listening to it as us recording this episode!
Thanks for listening and please don’t hesitate to leave a comment, feedback, subscribe or follow us on social media. Cheeeeers