sunhux
asked on
Ban Wifi broadband & 4G in datacenters to protect against data leaks & unauthorized remote access
I've seen engrs who plug in a USB dongle or have a way of enabling wireless on Windows
servers to allow remote access or download patches as the servers are blocked from
Internet access by firewalls. Some servers (esp Linux) do not join AD, so can't enforce from GPO
Q1:
Is there any datacenter or audit policy docs out there (NIST, SANS) which spells out that
4G/broadband Wifi should be banned including PDA phones which has 4G hotspots?
Can point me to links that provide such docs
Q2:
If there is such a practice / audit best practices out there, how do datacenter auditors
go about scanning for the presence of such SSID (esp those that are non-broadcast)?
Q3:
Within what vicinity should we ban such broadband Wifi / 4G ? 50m or what's the
usual distance these signals can't be connected to?
servers to allow remote access or download patches as the servers are blocked from
Internet access by firewalls. Some servers (esp Linux) do not join AD, so can't enforce from GPO
Q1:
Is there any datacenter or audit policy docs out there (NIST, SANS) which spells out that
4G/broadband Wifi should be banned including PDA phones which has 4G hotspots?
Can point me to links that provide such docs
Q2:
If there is such a practice / audit best practices out there, how do datacenter auditors
go about scanning for the presence of such SSID (esp those that are non-broadcast)?
Q3:
Within what vicinity should we ban such broadband Wifi / 4G ? 50m or what's the
usual distance these signals can't be connected to?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
And that's all besides the point that jammers are illegal in most countries.
ASKER
John, by engrs, I meant server admins (who hold root/administrator access).
Kimputer, what's "jammers"? I'm not native English
Kimputer, what's "jammers"? I'm not native English
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Think I've seen one link by Cisco Networks that recommends Wireless Broadband
AP should be banned in a DC environment
AP should be banned in a DC environment
ASKER
Or do most servers' hardware comes without a wireless LAN adapter?
Think I've seen a couple from HP that comes with one
Think I've seen a couple from HP that comes with one
Servers (the ones we have) do not have Wireless Access. In spite of any security, it would remain a security breach.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@sunhux - Thanks and I was happy to help.
ASKER
I mean without joining AD, the engrs could enable back USB ports
(that were disabled by hardening at OS level)