Solved

Ban Wifi broadband & 4G in datacenters to protect against data leaks & unauthorized remote access

Posted on 2016-08-09
10
108 Views
Last Modified: 2016-08-10
I've seen engrs who plug in a USB dongle or have a way of enabling wireless on Windows
servers to allow remote access or download patches as the servers are blocked from
Internet access by firewalls.  Some servers (esp Linux) do not join AD, so can't enforce from GPO

Q1:
Is there any datacenter or audit policy docs out there (NIST, SANS) which spells out that
4G/broadband Wifi should be banned including PDA phones which has 4G hotspots?
Can point me to links that provide such docs

Q2:
If there is such a practice / audit best practices out there, how do datacenter auditors
go about scanning for the presence of such SSID (esp those that are non-broadcast)?

Q3:
Within what vicinity should we ban such broadband Wifi / 4G ?  50m or what's the
usual distance these signals can't be connected to?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 

Author Comment

by:sunhux
ID: 41748690
> Linux) do not join AD, so can't enforce from GPO
I mean without joining AD, the engrs could enable back USB ports
(that were disabled by hardening at OS level)
0
 
LVL 95

Accepted Solution

by:
John Hurst earned 500 total points
ID: 41748701
The engineers should not be allowed access to the servers so then they cannot use wireless on the servers. You can stop this with using standard security.

The servers should be in a locked and separate environment and only server admins have access.

If need be, remove the keyboard and monitors on the servers and run headless. Account security will prevent other that legitimate access.

I do not usually see written policies. Secure the servers and secure access as noted above. That will keep people  out

If authorized people are mis-behaving, fire them.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 41748713
And that's all besides the point that jammers are illegal in most countries.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:sunhux
ID: 41748868
John,  by engrs, I meant server admins (who hold root/administrator access).

Kimputer, what's "jammers"?  I'm not native English
0
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 500 total points
ID: 41748872
After I posted, I realized that. But these people should have Job Descriptions that require them to behave.  People who have root admin access can do and defeat whatever they want.

So control these people.
0
 

Author Comment

by:sunhux
ID: 41748875
Think I've seen one link by Cisco Networks that recommends  Wireless Broadband
AP should be banned in a DC environment
0
 

Author Comment

by:sunhux
ID: 41748876
Or do most servers' hardware comes without a wireless LAN adapter?

Think I've seen a couple from HP that comes with one
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 41748879
Servers (the ones we have) do not have Wireless Access. In spite of any security, it would remain a security breach.
0
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 500 total points
ID: 41748926
To summarize:

Remove all wireless access from servers. Connect only by Ethernet.
Have strong root security on the servers.
Have a Job Description for Administrators and explain the facts of life to them. Discipline if necessary.

I do small business consulting along with a client. Only he and I have access and no one else does. We know what we are doing.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 41750696
@sunhux - Thanks and I was happy to help.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OnPage: Incident management and secure messaging on your smartphone
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question