Link to home
Start Free TrialLog in
Avatar of Bob Brown
Bob Brown

asked on

Stop Unsecured Wireless connection

How can I stop users Wireless connection from connecting to Wifi networks that have no password or unsecured. 

For example a user takes a laptop to a StarBucks or Hotel that has wireless that does not require a password, so the user with the laptop see's their network, clicks it and then connects to it.   - I want to stop this.





The laptop is a HP Probook   : mt21 Thin Client ThinPro 7. - This is linux
Avatar of J0rtIT
J0rtIT
Flag of Venezuela, Bolivarian Republic of image

By hiding the SSID...
That's only on the Router.

From the linux (or client side) the solution is to forget the unsecured ssids from the registry on your linux machine
https://superuser.com/questions/1191236/how-to-delete-ssid-data-from-debian-wifi-interface
https://askubuntu.com/questions/284018/is-there-a-way-to-make-ubuntu-forget-a-network-connection
netsh wlan add filter permission=allow ssid="WiFi Network Name" networktype=infrastructure
win10-allow-wifi

Open in new window

If you have more networks, then repeat the command while replacing the name to add more WiFi networks to the whitelist filter. Once you are done adding, use the below command to block all other not-whitelisted networks.

netsh wlan add filter permission=denyall networktype=infrastructure

Open in new window

From this point forward, your system can only see and connect to allowed WiFi networks.

Add these to group policy login scripts
Edit /etc/wpa_supplicant.conf and remove
network={
  key_mgmt=NONE
}

Open in new window

That is the entry that allows connection to arbitrary password-less networks.
Also check for networks with no passwords (psk="") - you might want to remove those as well.
Be sure to restart wpa_supplicant afterward.
I assume your users do not have root access to their laptops, or they could reverse the above.
(As Far As I Know, netsh is a Windows program; likewise the registry is a Windows thing).
I am a little concerned by your statement the user with the laptop see's their network, clicks it and then connects.
Are they running wifi-radar? That program requires root privilege (or some capabilities at least). Check it's not installed setuid root. Otherwise maybe its connect button bypasses my previous suggestion (I don't know for sure whether it does).
ASKER CERTIFIED SOLUTION
Avatar of dfke
dfke

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Bob Brown
Bob Brown

ASKER

Thank you I will try it