preventing users from dropping wireless onto the lan

Discussion in 'Wireless Networking' started by jim, Aug 31, 2004.

  1. jim

    jim Guest

    We have many lan subnets that are giving dhcp out

    I'm afraid that users may bring in one of their home airport express
    devices (or the like) and drop them on the network, so now they have
    unsecured wireless.

    Obviously this is a security risk. Is there some resonable way to
    prevent this?

    Thanks
    jim, Aug 31, 2004
    #1
    1. Advertising

  2. Some access points have 'rogue AP detection' (e.g. Proxim) that could detect
    such a thing and send an SNMP alert.

    You can restrict your DHCP servers to only give IP addresses to known MAC
    addresses, or put restrictions on some DHCP parameters. For example, the
    built-in Windows DHCP client sends 'MSFT ...' as vendor string. It is
    unlikely that an AP would send that, so you can refuse an answer in that
    case

    Or you can try the polite way: hang up a sign saying "Please don't connect
    your home airport express devices to my LAN..." ;)


    "jim" <> wrote in message
    news:...
    >
    > We have many lan subnets that are giving dhcp out
    >
    > I'm afraid that users may bring in one of their home airport express
    > devices (or the like) and drop them on the network, so now they have
    > unsecured wireless.
    >
    > Obviously this is a security risk. Is there some resonable way to
    > prevent this?
    >
    > Thanks
    Jeroen van Bemmel, Aug 31, 2004
    #2
    1. Advertising

  3. jim

    jim Guest

    We have a acceptable user policy that includes this kind of thing, and
    it is common knowlege that it is not "OK", but nobody cares. (except
    me)

    We would have a very difficult time with MAC address restriction, but
    I will check the rougue AP detection. Any links would be appreciated

    Thanks



    On Tue, 31 Aug 2004 19:34:48 +0200, "Jeroen van Bemmel"
    <> wrote:

    >Some access points have 'rogue AP detection' (e.g. Proxim) that could detect
    >such a thing and send an SNMP alert.
    >
    >You can restrict your DHCP servers to only give IP addresses to known MAC
    >addresses, or put restrictions on some DHCP parameters. For example, the
    >built-in Windows DHCP client sends 'MSFT ...' as vendor string. It is
    >unlikely that an AP would send that, so you can refuse an answer in that
    >case
    >
    >Or you can try the polite way: hang up a sign saying "Please don't connect
    >your home airport express devices to my LAN..." ;)
    >
    >
    >"jim" <> wrote in message
    >news:...
    >>
    >> We have many lan subnets that are giving dhcp out
    >>
    >> I'm afraid that users may bring in one of their home airport express
    >> devices (or the like) and drop them on the network, so now they have
    >> unsecured wireless.
    >>
    >> Obviously this is a security risk. Is there some resonable way to
    >> prevent this?
    >>
    >> Thanks

    >
    jim, Aug 31, 2004
    #3
  4. http://www.proxim.com/learn/library/whitepapers/Rogue_Access_Point_Detection.pdf

    "jim" <> wrote in message
    news:...
    > We have a acceptable user policy that includes this kind of thing, and
    > it is common knowlege that it is not "OK", but nobody cares. (except
    > me)
    >
    > We would have a very difficult time with MAC address restriction, but
    > I will check the rougue AP detection. Any links would be appreciated
    >
    > Thanks
    >
    >
    >
    > On Tue, 31 Aug 2004 19:34:48 +0200, "Jeroen van Bemmel"
    > <> wrote:
    >
    >>Some access points have 'rogue AP detection' (e.g. Proxim) that could
    >>detect
    >>such a thing and send an SNMP alert.
    >>
    >>You can restrict your DHCP servers to only give IP addresses to known MAC
    >>addresses, or put restrictions on some DHCP parameters. For example, the
    >>built-in Windows DHCP client sends 'MSFT ...' as vendor string. It is
    >>unlikely that an AP would send that, so you can refuse an answer in that
    >>case
    >>
    >>Or you can try the polite way: hang up a sign saying "Please don't connect
    >>your home airport express devices to my LAN..." ;)
    >>
    >>
    >>"jim" <> wrote in message
    >>news:...
    >>>
    >>> We have many lan subnets that are giving dhcp out
    >>>
    >>> I'm afraid that users may bring in one of their home airport express
    >>> devices (or the like) and drop them on the network, so now they have
    >>> unsecured wireless.
    >>>
    >>> Obviously this is a security risk. Is there some resonable way to
    >>> prevent this?
    >>>
    >>> Thanks

    >>

    >
    Jeroen van Bemmel, Aug 31, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. lombardi
    Replies:
    1
    Views:
    1,318
    Chad Mahoney
    Apr 13, 2004
  2. Paolo Bresi
    Replies:
    1
    Views:
    613
    Walter Roberson
    Apr 4, 2005
  3. Chris Bales

    ADSL Dropping But not Dropping!!

    Chris Bales, Aug 28, 2004, in forum: Computer Support
    Replies:
    9
    Views:
    686
    Lee Bales
    Aug 29, 2004
  4. skiierj

    preventing Users from changing wireless connections

    skiierj, Sep 15, 2006, in forum: Wireless Networking
    Replies:
    0
    Views:
    487
    skiierj
    Sep 15, 2006
  5. Theseeker

    Photo quality - onto paper or onto CD?

    Theseeker, Sep 25, 2004, in forum: Digital Photography
    Replies:
    8
    Views:
    385
    Yehuda Paradise
    Oct 4, 2004
Loading...

Share This Page