Tom's Hardware > Forum > Wireless Networking > Wireless General Discussions > preventing users from dropping wireless onto the lan

preventing users from dropping wireless onto the lan

Forum Wireless Networking : Wireless General Discussions - preventing users from dropping wireless onto the lan

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Jim   08-31-2004 at 04:26:36 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

 

We have many lan subnets that are giving dhcp out

I'm afraid that users may bring in one of their home airport express
devices (or the like) and drop them on the network, so now they have
unsecured wireless.

Obviously this is a security risk. Is there some resonable way to
prevent this?

Thanks

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   09-01-2004 at 01:34:48 AM
- 0 +

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

 

Some access points have 'rogue AP detection' (e.g. Proxim) that could detect
such a thing and send an SNMP alert.

You can restrict your DHCP servers to only give IP addresses to known MAC
addresses, or put restrictions on some DHCP parameters. For example, the
built-in Windows DHCP client sends 'MSFT ...' as vendor string. It is
unlikely that an AP would send that, so you can refuse an answer in that
case

Or you can try the polite way: hang up a sign saying "Please don't connect
your home airport express devices to my LAN..." ;)


"jim" <jim@cogentit.com> wrote in message
news:b2d9j0dpucicu6ql35vlufspijon5up98q@4ax.com...
>
> We have many lan subnets that are giving dhcp out
>
> I'm afraid that users may bring in one of their home airport express
> devices (or the like) and drop them on the network, so now they have
> unsecured wireless.
>
> Obviously this is a security risk. Is there some resonable way to
> prevent this?
>
> Thanks

Reply to Anonymous
Jim   09-01-2004 at 01:34:49 AM
- 0 +

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

 

We have a acceptable user policy that includes this kind of thing, and
it is common knowlege that it is not "OK", but nobody cares. (except
me)

We would have a very difficult time with MAC address restriction, but
I will check the rougue AP detection. Any links would be appreciated

Thanks



On Tue, 31 Aug 2004 19:34:48 +0200, "Jeroen van Bemmel"
<someone@somewhere.com> wrote:

>Some access points have 'rogue AP detection' (e.g. Proxim) that could detect
>such a thing and send an SNMP alert.
>
>You can restrict your DHCP servers to only give IP addresses to known MAC
>addresses, or put restrictions on some DHCP parameters. For example, the
>built-in Windows DHCP client sends 'MSFT ...' as vendor string. It is
>unlikely that an AP would send that, so you can refuse an answer in that
>case
>
>Or you can try the polite way: hang up a sign saying "Please don't connect
>your home airport express devices to my LAN..." ;)
>
>
>"jim" <jim@cogentit.com> wrote in message
>news:b2d9j0dpucicu6ql35vlufspijon5up98q@4ax.com...
>>
>> We have many lan subnets that are giving dhcp out
>>
>> I'm afraid that users may bring in one of their home airport express
>> devices (or the like) and drop them on the network, so now they have
>> unsecured wireless.
>>
>> Obviously this is a security risk. Is there some resonable way to
>> prevent this?
>>
>> Thanks
>

Reply to Jim
Anonymous   09-01-2004 at 03:33:29 AM
- 0 +

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

 

http://www.proxim.com/learn/librar [...] ection.pdf

"jim" <jim@cogentit.com> wrote in message
news:c0e9j0hg84fl3753ff0bvoenpfaqlo9e3g@4ax.com...
> We have a acceptable user policy that includes this kind of thing, and
> it is common knowlege that it is not "OK", but nobody cares. (except
> me)
>
> We would have a very difficult time with MAC address restriction, but
> I will check the rougue AP detection. Any links would be appreciated
>
> Thanks
>
>
>
> On Tue, 31 Aug 2004 19:34:48 +0200, "Jeroen van Bemmel"
> <someone@somewhere.com> wrote:
>
>>Some access points have 'rogue AP detection' (e.g. Proxim) that could
>>detect
>>such a thing and send an SNMP alert.
>>
>>You can restrict your DHCP servers to only give IP addresses to known MAC
>>addresses, or put restrictions on some DHCP parameters. For example, the
>>built-in Windows DHCP client sends 'MSFT ...' as vendor string. It is
>>unlikely that an AP would send that, so you can refuse an answer in that
>>case
>>
>>Or you can try the polite way: hang up a sign saying "Please don't connect
>>your home airport express devices to my LAN..." ;)
>>
>>
>>"jim" <jim@cogentit.com> wrote in message
>>news:b2d9j0dpucicu6ql35vlufspijon5up98q@4ax.com...
>>>
>>> We have many lan subnets that are giving dhcp out
>>>
>>> I'm afraid that users may bring in one of their home airport express
>>> devices (or the like) and drop them on the network, so now they have
>>> unsecured wireless.
>>>
>>> Obviously this is a security risk. Is there some resonable way to
>>> prevent this?
>>>
>>> Thanks
>>
>

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > Wireless Networking > Wireless General Discussions > preventing users from dropping wireless onto the lan
Go to:

There are 1096 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.303 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them