  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 122

Ban Wifi broadband & 4G in datacenters to protect against data leaks & unauthorized remote access

I've seen engrs who plug in a USB dongle or have a way of enabling wireless on Windows
servers to allow remote access or download patches as the servers are blocked from
Internet access by firewalls.  Some servers (esp Linux) do not join AD, so can't enforce from GPO

Q1:
Are there any datacenter or audit policy docs out there (NIST, SANS) which spell out that
4G/broadband Wifi should be banned, including PDA phones which have 4G hotspots?
Can you point me to links that provide such docs?

Q2:
If there is such a practice / audit best practice out there, how do datacenter auditors
go about scanning for the presence of such SSIDs (esp those that are non-broadcast)?

Q3:
Within what vicinity should we ban such broadband Wifi / 4G? 50m, or what's the
usual distance at which these signals can't be connected to?
0
Asked by: sunhux
3 Solutions
 
sunhux (Author) Commented:
> Linux) do not join AD, so can't enforce from GPO
I mean that without joining AD, the engrs could re-enable USB ports
(that were disabled by hardening at OS level).
0
 
John Hurst, Business Consultant (Owner), Commented:
The engineers should not be allowed access to the servers, so then they cannot use wireless on the servers. You can stop this by using standard security.

The servers should be in a locked and separate environment and only server admins have access.

If need be, remove the keyboard and monitors on the servers and run headless. Account security will prevent other than legitimate access.

I do not usually see written policies. Secure the servers and secure access as noted above. That will keep people out.

If authorized people are misbehaving, fire them.
0
 
Kimputer Commented:
And that's all beside the point that jammers are illegal in most countries.
0
 
sunhux (Author) Commented:
John, by engrs, I meant server admins (who hold root/administrator access).

Kimputer, what's "jammers"? I'm not a native English speaker.
0
 
John Hurst, Business Consultant (Owner), Commented:
After I posted, I realized that. But these people should have Job Descriptions that require them to behave.  People who have root admin access can do and defeat whatever they want.

So control these people.
0
 
sunhux (Author) Commented:
Think I've seen one link by Cisco Networks that recommends that Wireless Broadband
APs should be banned in a DC environment.
0
 
sunhux (Author) Commented:
Or does most server hardware come without a wireless LAN adapter?

Think I've seen a couple from HP that come with one.
0
 
John Hurst, Business Consultant (Owner), Commented:
Servers (the ones we have) do not have Wireless Access. In spite of any security, it would remain a security breach.
0
 
John Hurst, Business Consultant (Owner), Commented:
To summarize:

Remove all wireless access from servers. Connect only by Ethernet.
Have strong root security on the servers.
Have a Job Description for Administrators and explain the facts of life to them. Discipline if necessary.

I do small business consulting along with a client. Only he and I have access and no one else does. We know what we are doing.
0
 
John Hurst, Business Consultant (Owner), Commented:
@sunhux - Thanks and I was happy to help.
0
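For the Linux servers mentioned in the question that cannot be covered by GPO, the "connect only by Ethernet" rule from the summary can be checked on the host itself. The following is an added example, not part of the original thread: it assumes a Linux host with sysfs, and the function names `find_radio_ifaces` and `audit_host` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report network interfaces that are
# Wi-Fi, cellular (WWAN) or USB-attached, i.e. anything other than the
# fixed Ethernet ports a datacenter server is expected to have.

# find_radio_ifaces [net_dir]
# Prints "<iface> <kind>" per line. net_dir defaults to /sys/class/net;
# the optional argument (an assumption of this example) allows testing
# against a constructed directory tree.
find_radio_ifaces() {
    net_dir="${1:-/sys/class/net}"
    for path in "$net_dir"/*; do
        [ -e "$path" ] || continue
        iface=$(basename "$path")
        # Wi-Fi: the kernel exposes wireless/ or phy80211 for 802.11 devices.
        if [ -d "$path/wireless" ] || [ -e "$path/phy80211" ]; then
            echo "$iface wifi"
            continue
        fi
        # Cellular modems: WWAN drivers set DEVTYPE=wwan in uevent.
        if [ -r "$path/uevent" ] && grep -q '^DEVTYPE=wwan$' "$path/uevent"; then
            echo "$iface wwan"
            continue
        fi
        # USB-attached NICs (includes phone tethering, which looks like
        # plain Ethernet): the parent device sits on the USB bus.
        sub=$(readlink "$path/device/subsystem" 2>/dev/null) || sub=""
        case "$sub" in
            */usb) echo "$iface usb-net" ;;
        esac
    done
    return 0
}

# audit_host [net_dir]
# Returns 0 when no such interface exists, 1 otherwise (for use in a
# scheduled compliance job that alerts on non-zero exit).
audit_host() {
    found=$(find_radio_ifaces "${1:-}")
    if [ -n "$found" ]; then
        echo "FAIL: non-Ethernet or USB network interfaces present:"
        echo "$found"
        return 1
    fi
    echo "PASS: only fixed wired interfaces found"
    return 0
}
```

A holder of root access can disable such a job, so its output is best collected and compared off-host.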
