Solved

Prevent mobile users from accessing unauthorized WiFi networks

Posted on 2006-06-27
Last Modified: 2013-11-24
We want to prevent our mobile users from taking company laptops and connecting them to WiFi networks that they have not been authorized to access (e.g. Starbucks, airports, hotels, etc).

Most users are running either Windows XP or Windows 2000.  

Any way to do this?
Question by:markparr
13 Comments
 
LVL 2

Accepted Solution

by:
abarneslouortho earned 125 total points
ID: 16993212
if you lock them down from being able to install another network adapter, and then disable their ability to change network settings through AD, that should do the trick.

you'll have to set their settings to have the ones you want them to be able to access set as preferred networks, then tell windows to not automatically connect to nonpreferred networks.  after that, like i said, just remove the right to change network settings.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16993771
If there is no other AP in the area use a non-standard channel like ch#3. At the NIC, specify a fixed channel (disable autoscan). That way the laptop will be unable to connect anywhere else.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16993793
true, until someone else has something set up on channel three.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16994487
It should not because this is not a standard usable channel.  

The only 3 usable channels are 1, 6 and 11.  Using any other channel in a multi AP environment will cause interference due to overlapping frequencies.  Then you will find any hotspot using other channels if designed by a professional.

0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16994495
Ooops i meant:

...Then you WON'T find any hotspot using other channels if designed by a professional
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994510
well, the problem still lies within keeping the user from changing that setting back
0
 

Author Comment

by:markparr
ID: 16994528
The key thing for me is preventing them from messing w/ the wireless settings while they are out and about.  It's a management decision to prevent viruses, spyware, etc from getting on the laptops outside of our closed network.  The tighter the better.  We just want to say that SSID XXXXXX is the only one that they can access.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994573
here, at the end of this article, this is how to do what i was talking about
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994580
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16995097
For most of my customers i use Ipsec encryption. All incoming/outgoing connections are denied except ipsec tunnel. Then wherever they will connect (wired or wireless) they are using corporate firewall as their default gateway.

For a basic wireless security you may use directory/registry security setting allowing write privilege to administrator account only. That way they won't modify NIC settings.

A lot of hotels still offer wired connection. Some hotels also give their own usb adapter that will overcome adapter settings. They may connect at home too. This is why you should use a protocol based protection instead of adapter based.
0
 

Author Comment

by:markparr
ID: 16995615
More background:  There will be a variety of valid access points in our area that we are allowing laptop access back to the office network.  However, these laptops are not for surfing the net so we don't want the users getting them on another wireless access point some place (e.g. Starbucks) and getting out to the Internet.  Obviously, there are some workarounds such as a wired connection but if we disable and lock them down on all fronts -- wired and wireless -- hopefully it will be more of a hassle/deterrent to use a valid computer for those purposes.

All laptops will be used locally so hotel access was only an example.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16995874
if you look in your pointed question post, i have a link to an excellent lockdown tutorial, which actually seems to be pretty easy to do.... i am planning on doing this in my office now!!!  just do what it says for the wireless, and lockdown wired completely.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16995889
There is no way that i know to deny all but known (authorized) SSID. I recommend using ipsec tunneling as described in my previous post. The VPN server may accept tunnel connection from all or specific wired/wireless network and prevent users from browsing the web. Using IPsec will provide a secure access to your network.
0
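
On Windows Vista and later (not the Windows XP/2000 machines in this question), the built-in `netsh wlan` filters can express the "only SSID XXXXXX" rule the asker describes. The script below is an added example, not part of any post in this thread; the SSID is a constructed placeholder, and it assumes an elevated prompt and SSIDs without spaces.

```powershell
# Added example: WLAN allow-list using netsh wlan filters (Windows Vista and later).
# Assumptions: run elevated; the SSID below is a placeholder, not from the thread.
$AllowedSsids = @('CORP-WLAN-EXAMPLE')

function Invoke-Netsh {
    param([string[]]$NetshArgs)
    # Run netsh and stop on the first failure so a partial policy is noticed.
    $out = & netsh.exe @NetshArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($NetshArgs -join ' ') failed: $out"
    }
    $out
}

# 1. Add the allow entries first, so the deny-all rule added next never
#    hides the authorized network.
foreach ($ssid in $AllowedSsids) {
    Invoke-Netsh @('wlan', 'add', 'filter', 'permission=allow',
                   "ssid=$ssid", 'networktype=infrastructure') | Out-Null
}

# 2. Deny every other infrastructure network (hotspots, home routers).
Invoke-Netsh @('wlan', 'add', 'filter', 'permission=denyall',
               'networktype=infrastructure') | Out-Null

# 3. Deny all ad hoc (peer-to-peer) networks as well.
Invoke-Netsh @('wlan', 'add', 'filter', 'permission=denyall',
               'networktype=adhoc') | Out-Null

# 4. Print the resulting allow and block lists for review.
Invoke-Netsh @('wlan', 'show', 'filters')
```

The filters only cover wireless adapters, so the wired and USB-adapter paths raised in the thread still need the separate lockdown or the IPsec-only policy described above.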


Question has a verified solution.
