Solved

Ban Wifi broadband & 4G in datacenters to protect against data leaks & unauthorized remote access

Posted on 2016-08-09
Last Modified: 2016-08-10
I've seen engrs who plug in a USB dongle or have a way of enabling wireless on Windows
servers to allow remote access or download patches as the servers are blocked from
Internet access by firewalls.  Some servers (esp Linux) do not join AD, so can't enforce from GPO

Q1:
Are there any datacenter or audit policy docs out there (NIST, SANS) which spell out that
4G/broadband Wifi should be banned, including PDA phones which have 4G hotspots?
Can you point me to links that provide such docs?

Q2:
If there is such a practice / audit best practices out there, how do datacenter auditors
go about scanning for the presence of such SSID (esp those that are non-broadcast)?

Q3:
Within what vicinity should we ban such broadband Wifi / 4G ?  50m or what's the
usual distance these signals can't be connected to?
0
Question by:sunhux
 

Author Comment

by:sunhux
ID: 41748690
> Linux) do not join AD, so can't enforce from GPO
I mean without joining AD, the engrs could enable back USB ports
(that were disabled by hardening at OS level)
0
 
LVL 95

Accepted Solution

by:
John Hurst earned 500 total points
ID: 41748701
The engineers should not be allowed access to the servers so then they cannot use wireless on the servers. You can stop this by using standard security.

The servers should be in a locked and separate environment and only server admins have access.

If need be, remove the keyboard and monitors on the servers and run headless. Account security will prevent other than legitimate access.

I do not usually see written policies. Secure the servers and secure access as noted above. That will keep people out.

If authorized people are mis-behaving, fire them.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 41748713
And that's all beside the point that jammers are illegal in most countries.
0
 

Author Comment

by:sunhux
ID: 41748868
John,  by engrs, I meant server admins (who hold root/administrator access).

Kimputer, what's "jammers"?  I'm not native English
0
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 500 total points
ID: 41748872
After I posted, I realized that. But these people should have Job Descriptions that require them to behave.  People who have root admin access can do and defeat whatever they want.

So control these people.
0
 

Author Comment

by:sunhux
ID: 41748875
Think I've seen one link by Cisco Networks that recommends Wireless Broadband
AP should be banned in a DC environment.
0
 

Author Comment

by:sunhux
ID: 41748876
Or does most servers' hardware come without a wireless LAN adapter?

Think I've seen a couple from HP that come with one.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 41748879
Servers (the ones we have) do not have Wireless Access. In spite of any security, it would remain a security breach.
0
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 500 total points
ID: 41748926
To summarize:

Remove all wireless access from servers. Connect only by Ethernet.
Have strong root security on the servers.
Have a Job Description for Administrators and explain the facts of life to them. Discipline if necessary.

I do small business consulting along with a client. Only he and I have access and no one else does. We know what we are doing.
0
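The "remove all wireless access from servers, connect only by Ethernet" point above can be checked per host on the Linux servers that do not join AD. The following is an added example, not part of the thread or any poster's code: it walks sysfs and flags Wi-Fi, cellular (WWAN) and USB-tethered interfaces. The function name `audit_wireless` and the driver list are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag network interfaces that look like Wi-Fi, cellular
# (WWAN) or USB-tethered links. The sysfs path is a parameter so the check
# can be exercised against a constructed directory tree.

# USB drivers commonly bound to tethered phones and 4G dongles (assumed
# list; cdc_ether also backs some legitimate USB NICs, so review each hit).
TETHER_DRIVERS="rndis_host cdc_ether cdc_ncm cdc_mbim qmi_wwan ipheth"

# usage: audit_wireless [sysfs-net-dir]   (default: /sys/class/net)
audit_wireless() {
    net="${1:-/sys/class/net}"
    found=0
    for dev in "$net"/*; do
        [ -e "$dev" ] || continue
        name=${dev##*/}
        reason=""
        # Wi-Fi: wireless-extensions directory or cfg80211 phy link
        if [ -d "$dev/wireless" ] || [ -e "$dev/phy80211" ]; then
            reason="wifi"
        elif grep -qs '^DEVTYPE=wlan$' "$dev/uevent"; then
            reason="wifi"
        # Cellular modems register their netdev with DEVTYPE=wwan
        elif grep -qs '^DEVTYPE=wwan$' "$dev/uevent"; then
            reason="wwan"
        # Otherwise compare the bound kernel driver with the tether list
        elif [ -L "$dev/device/driver" ]; then
            drv=$(basename "$(readlink "$dev/device/driver")")
            case " $TETHER_DRIVERS " in
                *" $drv "*) reason="usb-tether:$drv" ;;
            esac
        fi
        if [ -n "$reason" ]; then
            printf '%s %s\n' "$name" "$reason"
            found=1
        fi
    done
    # Returns 1 when anything was flagged, so cron or monitoring can alert
    return "$found"
}
```

Call `audit_wireless` with no argument to scan the live host. It only sees adapters that are plugged in at the time it runs, so it needs to be scheduled or driven from central monitoring rather than run once.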
 
LVL 95

Expert Comment

by:John Hurst
ID: 41750696
@sunhux - Thanks and I was happy to help.
0

Question has a verified solution.