Re: Disable WiFi while connected to secure LAN?

---

• From: "Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx>
• Date: Tue, 17 Jun 2008 13:11:28 -0700

---

This has me in fear of a MASSIVE security issue

There's no security risk here. Since your users don't have admin rights, they won't be able to configure any routing protocols, and any malware that would by chance install as standard user won't be able to act as a router.

I maintain a very secure Windows network, where Wi-Fi is not allowed

This implies that you think wireless is insecure. When configured properly (that is, using WPA or WPA-2), wireless can be quite robust. Why not allow it, and use group policy to configure it?


--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"madman" <guest@xxxxxxxxxxxxxxxxx> wrote in message news:d0be13647d9795aecef5c1ae4eff0dbe@xxxxxxxxxxxxxxxxxxx

Greetings, your advice is needed.

I see through searches that Hardware Profiles are no longer supported
when shifting to Vista. This has me in fear of a MASSIVE security issue
unless I am missing something.

My environment:
I maintain a very secure Windows network(active directory), where Wi-Fi
is not allowed. I also utilize roaming profiles for my users, who are
also not allowed admin rights to anything.
When using a laptop, logging onto my LAN disable the Wi-Fi via the
hardware profile to prevent possible bridging between a secure LAN and
the outside world. Inversely, booting off my LAN enabled the Wi-Fi and
disabled the Ethernet.

How do I maintain this level of security with Vista Business or greater
(And before you ask, NO I do not trust my users :p )?

Does Vista have something more capable that I have not found yet?

Thanks,
MM


--
madman

.

---

• References:
  • Disable WiFi while connected to secure LAN?
    • From: madman

• Prev by Date: Disable WiFi while connected to secure LAN?
• Next by Date: Re: Issue w/ Password for Administrator Account
• Previous by thread: Disable WiFi while connected to secure LAN?
• Next by thread: crack password? opinions?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: WOL security issue ... issue if somebody inside our LAN is infected with malware. ... WOL itself is not a security issue. ... it needs to know the MAC address of the ethernet card. ... (alt.internet.wireless) Re: Unauthorised switchport access ... Your LAN becomes a major target to ... And don't be pacified into a false sense of security by VLANs they are ... Lock all non used switchports and enable a "sticky" MAC learning ... Look into Network Access Control, even if you don't want to ... (Security-Basics) Re: A new concept for security management? ... Creating a LAN is no problem. ... What they'd still be missing is active security. ... >bare-bones LAN for the company and let an MSSP provide the security. ... Anti-Virus software with auto-updating. ... (Security-Basics) RE: [Full-Disclosure] Learn from history? ... SMB generally arent worrie about running simething like WIndows Update ... >>That does not work with the workarounds customer need to facilitate ... Block the ports BEFORE they hit the LAN. ... Proactive security. ... (Full-Disclosure) RE: Linux on military aircraft ... Subject: Linux on military aircraft ... Which Base LAN are they talking about? ... Maybe Linux is really more secure than people here want to admit ... Its just that in order to keep that level of enhanced security, ... (comp.os.vms)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.vista.security  > 2008-06