Solved

Prevent mobile users from accessing unauthorized WiFi networks

Posted on 2006-06-27
Last Modified: 2013-11-24
We want to prevent our mobile users from taking company laptops and connecting them to WiFi networks that they have not been authorized to access (e.g. Starbucks, airports, hotels, etc).

Most users are running either Windows XP or Windows 2000.  

Any way to do this?
Question by:markparr
13 Comments
 
LVL 2

Accepted Solution

by:
abarneslouortho earned 125 total points
ID: 16993212
if you lock them down from being able to install another network adapter, and then disable their ability to change network settings through AD, that should do the trick.

you'll have to set their settings to have the ones you want them to be able to access set as preferred networks, then tell windows to not automatically connect to nonpreferred networks. after that, like i said, just remove the right to change network settings.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16993771
If there is no other AP in the area use a non-standard channel like ch#3. At the NIC, specify a fixed channel (disable autoscan). That way the laptop will be unable to connect anywhere else.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16993793
true, until someone else has something set up on channel three.
0
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16994487
It should not because this is not a standard usable channel.  

The only 3 usable channels are 1, 6 and 11.  Using any other channel in a multi AP environment will cause interference due to overlapping frequencies.  Then you will find any hotspot using other channels if designed by a professional.

0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16994495
Oops, I meant:

...Then you WON'T find any hotspot using other channels if designed by a professional
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994510
well, the problem still lies within keeping the user from changing that setting back
0
 

Author Comment

by:markparr
ID: 16994528
The key thing for me is preventing them from messing w/ the wireless settings while they are out and about.  It's a management decision to prevent viruses, spyware, etc from getting on the laptops outside of our closed network.  The tighter the better.  We just want to say that SSID XXXXXX is the only one that they can access.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994573
here, at the end of this article, this is how to do what i was talking about
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994580
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16995097
For most of my customers I use IPsec encryption. All incoming/outgoing connections are denied except the IPsec tunnel. Then wherever they connect (wired or wireless) they are using the corporate firewall as their default gateway.

For a basic wireless security you may use directory/registry security setting allowing write privilege to administrator account only. That way they won't modify NIC settings.

A lot of hotels still offer wired connections. Some hotels also give out their own USB adapter that will overcome adapter settings. They may connect at home too. This is why you should use a protocol based protection instead of adapter based.
0
 

Author Comment

by:markparr
ID: 16995615
More background:  There will be a variety of valid access points in our area that we are allowing laptop access back to the office network.  However, these laptops are not for surfing the net so we don't want the users getting them on another wireless access point some place (e.g. Starbucks) and getting out to the Internet.  Obviously, there are some workarounds such as a wired connection but if we disable and lock them down on all fronts -- wired and wireless -- hopefully it will be more of a hassle/deterrent to use a valid computer for those purposes.

All laptops will be used locally so hotel access was only an example.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16995874
if you look in your pointed question post, i have a link to an excellent lockdown tutorial, which actually seems to be pretty easy to do.... i am planning on doing this in my office now!!!  just do what it says for the wireless, and lockdown wired completely.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16995889
There is no way that i know to deny all but known (authorized) SSID. I recommend using ipsec tunneling as described in my previous post. The VPN server may accept tunnel connection from all or specific wired/wireless network and prevent users from browsing the web. Using IPsec will provide a secure access to your network.
0
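
On Windows Vista and later (not the Windows XP/2000 clients in the question), `netsh wlan` filters can express the "only SSID XXXXXX" rule the asker describes. The script below is an added example, not from any poster in this thread; the SSID `CORP-WLAN` and the function names are placeholders.

```powershell
# Added example. Assumes Windows Vista or later and an elevated prompt;
# 'netsh wlan' does not exist on Windows XP/2000.
$AllowedSsids = @('CORP-WLAN')   # placeholder SSID (constructed)

function Set-WlanAllowList {
    param([Parameter(Mandatory)][string[]]$Ssids)
    # Add the allow entries first, so the deny-all rule never strands the laptop.
    foreach ($ssid in $Ssids) {
        & netsh wlan add filter permission=allow "ssid=$ssid" networktype=infrastructure
        if ($LASTEXITCODE -ne 0) { throw "Could not add allow filter for '$ssid'" }
    }
    # Block every other infrastructure network and all ad hoc networks.
    & netsh wlan add filter permission=denyall networktype=infrastructure
    & netsh wlan add filter permission=denyall networktype=adhoc
}

function Get-SavedWlanProfile {
    # Parses English-language output: "    All User Profile     : <name>"
    & netsh wlan show profiles |
        Select-String -Pattern 'Profile\s*:\s(.+)$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() }
}

function Remove-UnapprovedWlanProfile {
    param([Parameter(Mandatory)][string[]]$Ssids)
    # Assumes each saved profile is named after its SSID (the Windows default).
    foreach ($name in Get-SavedWlanProfile) {
        if ($Ssids -notcontains $name) {
            & netsh wlan delete profile "name=$name"
        }
    }
}

Set-WlanAllowList -Ssids $AllowedSsids
Remove-UnapprovedWlanProfile -Ssids $AllowedSsids
& netsh wlan show filters   # confirm the resulting allow and block lists
```

The filter matches on SSID name only and does nothing for wired ports, so it complements rather than replaces the IPsec-only approach described in the thread.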
