Wireless in the Workplace
Hi guys and gals, I need a little help.
We recently purchased and installed a wifi security product called HiPath Wireless Manager, which is currently owned by Entarasys. Basically, using sensors scattered around the buildings where I work, it detects signals from WiFi devices and tries to triangulate their positions on maps we've put in HiPath's locations database. It also has the capability to block communications between devices, such as between an authorized client and a rogue access point. It's a pretty decent product; it needs a little work, but it'll do.
That's not the problem.
Lately, users have been bringing in these MiFi devices--WiFi routers which connect to a cellular network, for those who don't know. Some of these run off batteries, and are about half the size and twice the thickness of a credit card. Our Internet security policy states that you are not allowed to have any device connected to our internal network and another network simultaneously. It also states that no non-corporate-owned or managed device can connect to our internal network. These MiFi devices don't allow people to connect to our internal network; they simply allow them to connect straight to the internet.
My boss is wondering why I'm worried about these MiFi devices, and I keep telling her that although we can see the MiFi devices, we are unable to see whether or not whatever's associated with these devices (laptop, etc) is connected to our internal network via ethernet without chasing down each signal, and physically looking in the cubicles to see whether or not their laptops are connected to the networks. Also, these employees could be wasting time surfing the net without the fear of being logged. The boss says that's more of a productivity problem, and not a security problem.
So, can someone give me a case that these MiFi devices are not only bad for productivity, but also from a security standpoint?