Solved

Ban Wifi broadband & 4G in datacenters to protect against data leaks & unauthorized remote access

Posted on 2016-08-09
10
80 Views
Last Modified: 2016-08-10
I've seen engrs who plug in a USB dongle or have a way of enabling wireless on Windows
servers to allow remote access or download patches as the servers are blocked from
Internet access by firewalls.  Some servers (esp Linux) do not join AD, so can't enforce from GPO

Q1:
Is there any datacenter or audit policy docs out there (NIST, SANS) which spells out that
4G/broadband Wifi should be banned including PDA phones which has 4G hotspots?
Can point me to links that provide such docs

Q2:
If there is such a practice / audit best practices out there, how do datacenter auditors
go about scanning for the presence of such SSID (esp those that are non-broadcast)?

Q3:
Within what vicinity should we ban such broadband Wifi / 4G ?  50m or what's the
usual distance these signals can't be connected to?
0
Comment
Question by:sunhux
  • 5
  • 4
10 Comments
 

Author Comment

by:sunhux
Comment Utility
> Linux) do not join AD, so can't enforce from GPO
I mean without joining AD, the engrs could enable back USB ports
(that were disabled by hardening at OS level)
0
 
LVL 90

Accepted Solution

by:
John Hurst earned 500 total points
Comment Utility
The engineers should not be allowed access to the servers so then they cannot use wireless on the servers. You can stop this with using standard security.

The servers should be in a locked and separate environment and only server admins have access.

If need be, remove the keyboard and monitors on the servers and run headless. Account security will prevent other that legitimate access.

I do not usually see written policies. Secure the servers and secure access as noted above. That will keep people  out

If authorized people are mis-behaving, fire them.
0
 
LVL 35

Expert Comment

by:Kimputer
Comment Utility
And that's all besides the point that jammers are illegal in most countries.
0
 

Author Comment

by:sunhux
Comment Utility
John,  by engrs, I meant server admins (who hold root/administrator access).

Kimputer, what's "jammers"?  I'm not native English
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 500 total points
Comment Utility
After I posted, I realized that. But these people should have Job Descriptions that require them to behave.  People who have root admin access can do and defeat whatever they want.

So control these people.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:sunhux
Comment Utility
Think I've seen one link by Cisco Networks that recommends  Wireless Broadband
AP should be banned in a DC environment
0
 

Author Comment

by:sunhux
Comment Utility
Or do most servers' hardware comes without a wireless LAN adapter?

Think I've seen a couple from HP that comes with one
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
Servers (the ones we have) do not have Wireless Access. In spite of any security, it would remain a security breach.
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 500 total points
Comment Utility
To summarize:

Remove all wireless access from servers. Connect only by Ethernet.
Have strong root security on the servers.
Have a Job Description for Administrators and explain the facts of life to them. Discipline if necessary.

I do small business consulting along with a client. Only he and I have access and no one else does. We know what we are doing.
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
@sunhux - Thanks and I was happy to help.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now