preventing users from dropping wireless onto the lan

Discussion in 'Wireless Networking' started by jim, Aug 31, 2004.

  1. jim

    jim Guest

    We have many lan subnets that are giving dhcp out

    I'm afraid that users may bring in one of their home airport express
    devices (or the like) and drop them on the network, so now they have
    unsecured wireless.

    Obviously this is a security risk. Is there some resonable way to
    prevent this?

    Thanks
     
    jim, Aug 31, 2004
    #1
    1. Advertisements

  2. Some access points have 'rogue AP detection' (e.g. Proxim) that could detect
    such a thing and send an SNMP alert.

    You can restrict your DHCP servers to only give IP addresses to known MAC
    addresses, or put restrictions on some DHCP parameters. For example, the
    built-in Windows DHCP client sends 'MSFT ...' as vendor string. It is
    unlikely that an AP would send that, so you can refuse an answer in that
    case

    Or you can try the polite way: hang up a sign saying "Please don't connect
    your home airport express devices to my LAN..." ;)
     
    Jeroen van Bemmel, Aug 31, 2004
    #2
    1. Advertisements

  3. jim

    jim Guest

    We have a acceptable user policy that includes this kind of thing, and
    it is common knowlege that it is not "OK", but nobody cares. (except
    me)

    We would have a very difficult time with MAC address restriction, but
    I will check the rougue AP detection. Any links would be appreciated

    Thanks
     
    jim, Aug 31, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.