Solved

Prevent mobile users from accessing unauthorized WiFi networks

Posted on 2006-06-27
Last Modified: 2013-11-24
We want to prevent our mobile users from taking company laptops and connecting them to WiFi networks that they have not been authorized to access (e.g. Starbucks, airports, hotels, etc).

Most users are running either Windows XP or Windows 2000.  

Any way to do this?
Question by:markparr
13 Comments
 
LVL 2

Accepted Solution

by:
abarneslouortho earned 125 total points
ID: 16993212
if you lock them down from being able to install another network adapter, and then disable their ability to change network settings through AD, that should do the trick.

you'll have to set their settings to have the ones you want them to be able to access set as preferred networks, then tell windows to not automatically connect to nonpreferred networks.  after that, like i said, just remove the right to change network settings.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16993771
If there is no other AP in the area, use a non-standard channel like ch#3. At the NIC, specify a fixed channel (disable autoscan). That way the laptop will be unable to connect anywhere else.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16993793
true, until someone else has something set up on channel three.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16994487
It should not because this is not a standard usable channel.  

The only 3 usable channels are 1, 6 and 11.  Using any other channel in a multi-AP environment will cause interference due to overlapping frequencies.  Then you will find any hotspot using other channels if designed by a professional.

0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16994495
Oops, I meant:

...Then you WON'T find any hotspot using other channels if designed by a professional
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994510
well, the problem still lies within keeping the user from changing that setting back
0
 

Author Comment

by:markparr
ID: 16994528
The key thing for me is preventing them from messing w/ the wireless settings while they are out and about.  It's a management decision to prevent viruses, spyware, etc from getting on the laptops outside of our closed network.  The tighter the better.  We just want to say that SSID XXXXXX is the only one that they can access.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994573
here, at the end of this article, this is how to do what i was talking about
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16994580
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16995097
For most of my customers I use IPsec encryption. All incoming/outgoing connections are denied except the IPsec tunnel. Then wherever they connect (wired or wireless) they are using the corporate firewall as their default gateway.

For basic wireless security you may use directory/registry security settings allowing write privilege to the administrator account only. That way they won't modify NIC settings.

A lot of hotels still offer wired connections. Some hotels also give out their own USB adapter that will overcome adapter settings. They may connect at home too. This is why you should use protocol-based protection instead of adapter-based.
0
 

Author Comment

by:markparr
ID: 16995615
More background:  There will be a variety of valid access points in our area that we are allowing laptop access back to the office network.  However, these laptops are not for surfing the net so we don't want the users getting them on another wireless access point some place (e.g. Starbucks) and getting out to the Internet.  Obviously, there are some workarounds such as a wired connection but if we disable and lock them down on all fronts -- wired and wireless -- hopefully it will be more of a hassle/deterrent to use a valid computer for those purposes.

All laptops will be used locally so hotel access was only an example.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16995874
if you look in your pointed question post, i have a link to an excellent lockdown tutorial, which actually seems to be pretty easy to do.... i am planning on doing this in my office now!!!  just do what it says for the wireless, and lockdown wired completely.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 16995889
There is no way that I know to deny all but known (authorized) SSID. I recommend using IPsec tunneling as described in my previous post. The VPN server may accept tunnel connections from all or specific wired/wireless networks and prevent users from browsing the web. Using IPsec will provide secure access to your network.
0
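
The SSID allow-list asked for in the question, as an added example that is not part of the thread: it assumes Windows Vista or later, where the WLAN AutoConfig service exposes `netsh wlan` filters (the Windows XP/2000 clients discussed above do not have this command). `CORP-WLAN` is a placeholder for the authorized SSID that the thread masks as XXXXXX.

```bat
@echo off
rem Added example, not from the thread. Assumes Windows Vista or later,
rem an elevated prompt, and the WLAN AutoConfig service running.
rem CORP-WLAN is a placeholder for the authorized SSID.
set "CORP_SSID=CORP-WLAN"

rem 1. Put the authorized infrastructure SSID on the allow list.
netsh wlan add filter permission=allow ssid="%CORP_SSID%" networktype=infrastructure || goto :fail

rem 2. Deny every other infrastructure network and all ad hoc networks.
rem    Networks on the allow list stay usable; everything else is blocked.
netsh wlan add filter permission=denyall networktype=infrastructure || goto :fail
netsh wlan add filter permission=denyall networktype=adhoc || goto :fail

rem 3. Print the resulting allow and block lists for verification.
netsh wlan show filters
exit /b 0

:fail
echo Filter setup failed; run this from an elevated prompt. 1>&2
exit /b 1
```

A local administrator can undo these entries with `netsh wlan delete filter`, so the restriction holds only for users without administrative rights, the same condition the accepted solution relies on. It covers wireless only; the wired and USB-adapter cases raised above still need the protocol-level control.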

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question