Solved

Blocking Guest Wireless Network

Posted on 2010-08-23
8
729 Views
Last Modified: 2013-11-12
I'm looking for some help blocking guest wireless network. I have 2 wireless networks, 1 internal and 1 guest WIFI, which are both on separate VLANs. I need to make sure that the internal users can only connect to the secure network and not the quest one, which is wide open. I don't care if they connect to the AP's, we just need to make sure they can't connect to the internet. I know that I could block them by MAC addresses but that's the most undesirable solution as it creates management headache. Are there any registry keys that i can modify on all of our internal PC's?

All users are on XP sp3 and we use 2003 Active Directory. Wireless connections are managed by Windows.


Thanks for your help!
0
Comment
Question by:deep06
8 Comments
 
LVL 2

Expert Comment

by:Dynamite-Web
ID: 33504887
Depending on the type of switches/routers you have, you should be able to just add an access-list of some sort on the vlans which only allows the access you want.  Due to the networks being on separate VLANs, they should not be able to communicate between them unless you allow it on the router.

I wouldn't try to enforce policy on each machine, but rather on the router itself.  More information on the network devices would be helpful to provide a more specific answer.
0
 

Author Comment

by:deep06
ID: 33504956
Thanks for your reply Dynamite-Web, but I think you misunderstood the problem. We are talking about wide open wifi that's used by our guest visitors and we just need to block all of our internal (corporate employees) from being able to access it while allowing our guests to connect to it. In other words, we want to make sure our corporate laptops and desktops cannot connect to that wireless network.

Thanks.
0
 
LVL 3

Accepted Solution

by:
petelettin earned 125 total points
ID: 33506203
something along the lines of a deployed setup for the internal wifi and lock of changing network settings using either group policy or poledit or similar e.g a reg file.

or perhaps a persistent route with a low metric for the internal subnet range pointing to the default gateway ip address (a duplicate of the dynamic default gateway route)

so even if they connect it to guest it will try to route to internal's gateway address and fail

Wireless connections usually have a higher metric than wired connections a lower metric will be used first
0
 
LVL 5

Assisted Solution

by:Anthony1982
Anthony1982 earned 125 total points
ID: 33506393
Here is your answer right here:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_24905471.html

You can create a group policy to stop them..
Hope this helps!
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:deep06
ID: 33510394
Petelettin, thanks for your suggestions. I've been thinking about the same solutions the problem is if I completely lock wifi configuration with the policies, than the users won't be able to add any wifi configs when they travel. I also looked into changing routing tables with persistent routes (i wanted to route dns ip's to a loop address) but that's also not going to work because it doesn't take 127.0.0.1 address as gateway for outside addresses.

is there a way to lock just one ssid in the wireless policies while still allowing users to add and remove other wifi configs?
0
 

Author Comment

by:deep06
ID: 33510408
Anthohny1982 thanks for your suggestion but that's not going to work, please read my reply to petelettin.
0
 
LVL 3

Expert Comment

by:petelettin
ID: 33523822
There's nothing that specific in GP

It's difficult to put anything in GP and still have it able to roam.

interrnal proxy server with ie settings locked - still wouldn't work when roaming

0
 

Author Closing Comment

by:deep06
ID: 33833803
Used GP to force users to connect to this network but with incorrect encryptioin
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now