RE: Blacklisting wireless access points...




Can't this be addressed by deploying NAC devices & installing NAC agents in the laptops that you mentioned ? I'm not sure whether NAC systems today support policy enforcement based on wifi enable/disable configuration in hosts.

If you dont get any way to disable wifi-access from such laptops, you may want to atleast make sure that such laptops (which may roam in insecure environments like neighbor's access points) dont infect other machines in your LAN by deploying a layer2/transparent UTM in your switches.


- Babu

At 12:20 AM 5/16/2008, Dan Denton wrote:
My apologies for not being explicit enough. Due to the nature of our
business, we do not allow the use of wireless at all for our users, however
most of our users have laptops with wireless cards.

The users in question have been instructed not to access any access points
(there are a couple around us), protected or otherwise, run by neighboring
businesses, and I do not believe they'd intentionally access them but I'd
like to be sure they cannot.

Thanks for the replies...

-----Original Message-----
From: infolookup@xxxxxxxxx [mailto:infolookup@xxxxxxxxx]
Sent: Thursday, May 15, 2008 12:19 PM
To: Dan Denton; listbounce@xxxxxxxxxxxxxxxxx;
security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Blacklisting wireless access points...

Care to explain a bit more, are the access points controlled by your company
and you don't want your users accessing them, or do you want to block them
for AP's near by?

If its the first why not setup a security protection on the AP to block
users WPA2, radius something to that extend.
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: "Dan Denton" <ddenton@xxxxxxxxxxxx>

Date: Thu, 15 May 2008 10:19:35
To:<security-basics@xxxxxxxxxxxxxxxxx>
Subject: Blacklisting wireless access points...


Does the list know of a way/product to prevent users from accessing certain
wireless access points? I figure AD has a group policy that can do this, but
we don't currently use AD. Any suggestions are greatly appreciated...

Thanks much,

Dan




********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential, proprietary and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately notify the sender by reply email and destroy all copies of the original message. Thank you.

Intoto Inc.



Relevant Pages

  • Re: wifi @ home requires "password"
    ... to get on the WiFi at home - and none of the other laptops do this.... ... SO - is there any scenario where the WiFi access key is not stored locally ... Some network drivers allow for a checked box the first time you access a wireless access point to never remember the password. ... Have your friend be sure to disconnect from the wireless access point first if they are connected. ...
    (alt.internet.wireless)
  • Re: Wired/ wireless router best choice?
    ... This is changing to the above + 2 laptops .Which router do ... You need to buy a wireless Access Point and ... connect it to one of the network ports. ...
    (comp.sys.acorn.hardware)
  • Re: [opensuse] Re: [opensuse-factory] Problem with openSUSE 11.3 for systems with Broadcom BCM43
    ... with static IP - on the thing before buying it. ... Provided they have a compatible wireless access point set up ... laptops have been working ok. ... I have ATI chip issues with strange MBs on SuperMicro servers (not used ...
    (SuSE)
  • Re: My Documents Redirection with Laptop using WiFi
    ... Are you using Wireless Access Points on your LAN or is this a wireless router? ... We've noticed that we can't add laptops to the domain using a wireless ... the laptop into the network, set it up, and then they work fine on the ...
    (microsoft.public.windows.server.sbs)