Solved

Prevent mobile users from accessing unauthorized WiFi networks

Posted on 2006-06-27
Last Modified: 2013-11-24
We want to prevent our mobile users from taking company laptops and connecting them to WiFi networks that they have not been authorized to access (e.g. Starbucks, airports, hotels, etc).

Most users are running either Windows XP or Windows 2000.  

Any way to do this?
0
Comment
Question by:markparr
13 Comments
 
LVL 2

Accepted Solution

by:
abarneslouortho earned 500 total points
ID: 16993212
if you lock them down from being able to install another network adapter, and then disable their ability to change network settings through AD, that should do the trick.

you'll have to set their settings to have the ones you want them to be able to access set as preferred networks, then tell windows to not automatically connect to nonpreferred networks.  after that, like i said, just remove the right to change network settings.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16993771
If there is no other AP in the area use a non-standard channel like ch#3. At the NIC, specify a fixed channel (disable autoscan). That way the laptop will be unable to connect anywhere else.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16993793
true, until someone else has something set up on channel three.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16994487
It should not because this is not a standard usable channel.  

The only 3 usable channels are 1, 6 and 11.  Using any other channel in a multi AP environment will cause interference due to overlapping frequencies.  Then you will find any hotspot using other channels if designed by a professional.

0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16994495
Ooops i meant:

...Then you WONT find any hotspot using other channels if designed by a professional
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994510
well, the problem still lies within keeping the user from changing that setting back
0
 

Author Comment

by:markparr
ID: 16994528
The key thing for me is preventing them from messing w/ the wireless settings while they are out and about.  It's a management decision to prevent viruses, spyware, etc from getting on the laptops outside of our closed network.  The tighter the better.  We just want to say that SSID XXXXXX is the only one that they can access.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994573
here, at the end of this article, this is how to do what i was talking about
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994580
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16995097
For most of my customers I use Ipsec encryption. All incoming/outgoing connections are denied except ipsec tunnel. Then wherever they will connect (wired or wireless) they are using corporate firewall as their default gateway.

For a basic wireless security you may use directory/registry security setting allowing write privilege to administrator account only. That way they won't modify NIC settings.

A lot of hotels still offer wired connection. Some hotels also give their own usb adapter that will overcome adapter settings. They may connect at home too. This is why you should use a protocol based protection instead of adapter based.
0
 

Author Comment

by:markparr
ID: 16995615
More background:  There will be a variety of valid access points in our area that we are allowing laptop access back to the office network.  However, these laptops are not for surfing the net so we don't want the users getting them on another wireless access point some place (e.g. Starbucks) and getting out to the Internet.  Obviously, there are some workarounds such as a wired connection but if we disable and lock them down on all fronts -- wired and wireless -- hopefully it will be more of a hassle/deterrent to use a valid computer for those purposes.

All laptops will be used locally so hotel access was only an example.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16995874
if you look in your pointed question post, i have a link to an excellent lockdown tutorial, which actually seems to be pretty easy to do.... i am planning on doing this in my office now!!!  just do what it says for the wireless, and lockdown wired completely.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16995889
There is no way that i know to deny all but known (authorized) SSID. I recommend using ipsec tunneling as described in my previous post. The VPN server may accept tunnel connection from all or specific wired/wireless network and prevent users from browsing the web. Using IPsec will provide a secure access to your network.
0
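
For the goal stated in the question (only approved SSIDs reachable), an added example that is not part of the thread: on Windows Vista and later, which postdate the XP/2000 clients discussed here, `netsh wlan` permission filters provide an SSID allowlist. `CorpWiFi-A` and `CorpWiFi-B` are placeholder SSIDs, the `Invoke-WlanNetsh` helper is hypothetical, and the lockdown only holds if users lack administrator rights, as the accepted solution requires.

```powershell
# Added example: SSID allowlist with netsh wlan filters (Windows Vista and later).
# Run from an elevated PowerShell prompt; the WLAN AutoConfig service must be running.
# Placeholder SSIDs (assumption): replace with the authorized networks.
$AuthorizedSsids = @('CorpWiFi-A', 'CorpWiFi-B')

function Invoke-WlanNetsh {
    # Hypothetical helper: runs "netsh wlan <args>" and stops the script
    # if netsh signals a failure through its exit code.
    param([Parameter(Mandatory)][string[]]$NetshArgs)
    $output = & netsh.exe wlan @NetshArgs
    if ($LASTEXITCODE -ne 0) {
        throw "netsh wlan $($NetshArgs -join ' ') failed: $($output -join ' ')"
    }
    $output
}

# 1. Add the allow entries first, so a failure here leaves the laptop
#    unrestricted rather than cut off from the corporate network.
foreach ($ssid in $AuthorizedSsids) {
    Invoke-WlanNetsh @('add', 'filter', 'permission=allow',
                       "ssid=$ssid", 'networktype=infrastructure') | Out-Null
}

# 2. Deny every other infrastructure network, and all ad hoc networks.
#    Explicit allow entries take precedence over denyall.
Invoke-WlanNetsh @('add', 'filter', 'permission=denyall',
                   'networktype=infrastructure') | Out-Null
Invoke-WlanNetsh @('add', 'filter', 'permission=denyall',
                   'networktype=adhoc') | Out-Null

# 3. Hide blocked networks from the "available networks" list.
Invoke-WlanNetsh @('set', 'blockednetworks', 'display=hide') | Out-Null

# 4. Print the resulting allow/block lists for review.
Invoke-WlanNetsh @('show', 'filters')
```

These filters cover wireless only; wired ports and USB adapters still need the separate controls discussed in the thread.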

Question has a verified solution.