Ban Wifi broadband & 4G in datacenters to protect against data leaks & unauthorized remote access

I've seen engrs who plug in a USB dongle or have a way of enabling wireless on Windows
servers to allow remote access or download patches, as the servers are blocked from
Internet access by firewalls. Some servers (esp Linux) do not join AD, so can't enforce from GPO.

Are there any datacenter or audit policy docs out there (NIST, SANS) which spell out that
4G/broadband Wifi should be banned, including PDA phones which have 4G hotspots?
Can you point me to links that provide such docs?

If there is such a practice / audit best practices out there, how do datacenter auditors
go about scanning for the presence of such SSID (esp those that are non-broadcast)?

Within what vicinity should we ban such broadband Wifi / 4G? 50m or what's the
usual distance these signals can't be connected to?
John (Business Consultant, Owner) commented:
The engineers should not be allowed access to the servers so then they cannot use wireless on the servers. You can stop this by using standard security.

The servers should be in a locked and separate environment and only server admins have access.

If need be, remove the keyboard and monitors on the servers and run headless. Account security will prevent other than legitimate access.

I do not usually see written policies. Secure the servers and secure access as noted above. That will keep people out.

If authorized people are misbehaving, fire them.
sunhux (Author) commented:
> Linux) do not join AD, so can't enforce from GPO
I mean without joining AD, the engrs could re-enable USB ports
(that were disabled by hardening at OS level)
And that's all besides the point that jammers are illegal in most countries.
sunhux (Author) commented:
John, by engrs, I meant server admins (who hold root/administrator access).

Kimputer, what's "jammers"? I'm not a native English speaker.
John (Business Consultant, Owner) commented:
After I posted, I realized that. But these people should have Job Descriptions that require them to behave. People who have root admin access can do and defeat whatever they want.

So control these people.
sunhux (Author) commented:
Think I've seen one link by Cisco Networks that recommends Wireless Broadband
AP should be banned in a DC environment
sunhux (Author) commented:
Or does most server hardware come without a wireless LAN adapter?

Think I've seen a couple from HP that come with one
John (Business Consultant, Owner) commented:
Servers (the ones we have) do not have Wireless Access. In spite of any security, it would remain a security breach.
John (Business Consultant, Owner) commented:
To summarize:

Remove all wireless access from servers. Connect only by Ethernet.
Have strong root security on the servers.
Have a Job Description for Administrators and explain the facts of life to them. Discipline if necessary.

I do small business consulting along with a client. Only he and I have access and no one else does. We know what we are doing.
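
One way to check the "connect only by Ethernet" point on a Linux server that is outside AD/GPO, as an added example that is not part of the original thread. The function names are hypothetical; it assumes the kernel's sysfs layout, where Wi-Fi interfaces report `DEVTYPE=wlan` and cellular modems report `DEVTYPE=wwan`, and it runs here against a constructed sample tree rather than a real host.

```shell
#!/bin/sh
# Classify each network interface under a sysfs root (default /sys).
# Prints "<iface> <kind>" for every interface that is not plain wired:
#   wlan    = Wi-Fi adapter
#   wwan    = cellular (3G/4G) modem
#   usb-nic = USB-attached NIC (dongle or phone tethering; can also be a
#             legitimate USB Ethernet or BMC virtual NIC, so review it)
audit_ifaces() {
    root=${1:-/sys}
    for dir in "$root"/class/net/*; do
        [ -d "$dir" ] || continue
        iface=${dir##*/}
        devtype=$(sed -n 's/^DEVTYPE=//p' "$dir/uevent" 2>/dev/null) || devtype=
        bus=$(basename "$(readlink "$dir/device/subsystem" 2>/dev/null)" 2>/dev/null) || bus=
        if [ "$devtype" = wlan ] || [ -e "$dir/wireless" ] || [ -e "$dir/phy80211" ]; then
            echo "$iface wlan"
        elif [ "$devtype" = wwan ]; then
            echo "$iface wwan"
        elif [ "$bus" = usb ]; then
            echo "$iface usb-nic"
        fi
    done
}

# Constructed sample tree (not real host data) so the check runs anywhere.
make_sample_sysfs() {
    t=$(mktemp -d)
    mkdir -p "$t/bus/usb" "$t/bus/pci"
    for i in eth0 wlan0 wwan0 usb0; do mkdir -p "$t/class/net/$i/device"; done
    printf 'INTERFACE=eth0\n' > "$t/class/net/eth0/uevent"
    printf 'DEVTYPE=wlan\nINTERFACE=wlan0\n' > "$t/class/net/wlan0/uevent"
    printf 'DEVTYPE=wwan\nINTERFACE=wwan0\n' > "$t/class/net/wwan0/uevent"
    printf 'INTERFACE=usb0\n' > "$t/class/net/usb0/uevent"
    ln -s "$t/bus/pci" "$t/class/net/eth0/device/subsystem"
    ln -s "$t/bus/usb" "$t/class/net/usb0/device/subsystem"
    echo "$t"
}

sample=$(make_sample_sysfs)
audit_ifaces "$sample"    # lists usb0, wlan0 and wwan0; eth0 is not reported
rm -rf "$sample"
```

On a real server, call `audit_ifaces` with no argument from a scheduled job and alert on any output, since an admin with root can re-enable a port between audits.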
John (Business Consultant, Owner) commented:
@sunhux - Thanks and I was happy to help.
