Security - wireless access to LAN
Posted on 2009-07-06
I have a standard,wired, Windows based domain LAN where I work. I have 3 wireless access points that reside behind my firewall which give wireless access to LAN resources, internet, etc. Despite the many network security reform campaigns I have led, my company is very lax when it comes to network usage and employees are allowed to use our wireless network with personal devices.
Here's my concern - portscanners and the like. All of my network shares are secure (no "Everyone") and require authentication, all my guest accounts and local admin accounts are disabled via GPO. What I don't like is knowing that someone could walk in here with an iPhone and portscan every device in the building - including my servers - and get enough info to cause trouble. I don't like giving up host names and IP addresses that easily to my servers. I don't run Window's Firewall behind my WAN firewall b/c, well, it's a LAN and I don't want to manage 60 firewalls.
What I would like to do is exercise a little more control over my wireless network. What's the best way to do this? Here's what I'm working with right now:
- 3 Linksys WAP54GP's, standard Dell PowerConnect Switches, 1 WatchGuard Edge X1250E
What's the best way to do this? I'm open to all suggestions. Thanks.