Wireless in the Workplace
Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Wireless in the Workplace

  1. #1
    Member
    Join Date
    Apr 2004
    Posts
    69

    Wireless in the Workplace

    Hi guys and gals, I need a little help.

    We recently purchased and installed a wifi security product called HiPath Wireless Manager, which is currently owned by Entarasys. Basically, using sensors scattered around the buildings where I work, it detects signals from WiFi devices and tries to triangulate their positions on maps we've put in HiPath's locations database. It also has the capability to block communications between devices, such as between an authorized client and a rogue access point. It's a pretty decent product; it needs a little work, but it'll do.

    That's not the problem.

    Lately, users have been bringing in these MiFi devices--WiFi routers which connect to a cellular network, for those who don't know. Some of these run off batteries, and are about half the size and twice the thickness of a credit card. Our Internet security policy states that you are not allowed to have any device connected to our internal network and another network simultaneously. It also states that no non-corporate-owned or managed device can connect to our internal network. These MiFi devices don't allow people to connect to our internal network; they simply allow them to connect straight to the internet.

    My boss is wondering why I'm worried about these MiFi devices, and I keep telling her that although we can see the MiFi devices, we are unable to see whether or not whatever's associated with these devices (laptop, etc) is connected to our internal network via ethernet without chasing down each signal, and physically looking in the cubicles to see whether or not their laptops are connected to the networks. Also, these employees could be wasting time surfing the net without the fear of being logged. The boss says that's more of a productivity problem, and not a security problem.

    So, can someone give me a case that these MiFi devices are not only bad for productivity, but also from a security standpoint?

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    nc -lv 1234 < \\server\share$\supersecret.doc
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #3
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Quote Originally Posted by NukEvil View Post
    So, can someone give me a case that these MiFi devices are not only bad for productivity, but also from a security standpoint?
    Depending on the security settings of each station/laptop/whatever the MiFi is connected to, it could be an open hole to the machines it connects with and the internal network.

    Apart from that.... you say your security policy doesnt allow this? Then why is it possible from a technical point of view to work? Cant you lock down the company's computers? We would need much more info on your network and hardware and OS involved in the whole thing.

    I dont know what systems you are using, but on the PCs and laptops i administer, the user can not connect to any wifi that is not set in the config files, he can not install any other wifi client since he does not have access to install such, and he has no access to add any USB devices either (so not even a router/modem/MiFi with usb would work). (Thats for linux, i have no idea if that is even possible with windows).

    The security policy should not ONLY state what is allowed and what not, but it should also ENFORCE what it states using technical means.
    Last edited by instronics; January 13th, 2011 at 08:22 PM.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  4. #4
    Member
    Join Date
    Apr 2004
    Posts
    69
    I should probably have mentioned that the laptops aren't company-owned, either. The employees bring both laptop and mifi device from home. And they don't connect them to the internal network; they simply want to access the internet with them.

  5. #5
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Quote Originally Posted by NukEvil View Post
    I should probably have mentioned that the laptops aren't company-owned, either. The employees bring both laptop and mifi device from home. And they don't connect them to the internal network; they simply want to access the internet with them.
    Are these private laptops used for company work? Do they carry company files? Do they connect to anything company related other than using them for internet during company operating hours? Is your concern for the mifi's only for their private laptops? What does your security policy say about using private laptops?

    Im sorry dude, but from what you have said so far, its still not easy to understand the 'what-is' situation, and the 'should-be' situation.

    If the private laptops are not connected to the company network, and no company work is performed on the private laptops, then there is no real security risk, but it sounds rather like a productivity issue.

    IF they use their private laptops for company work but cannot connect to the internal network, then how does their 'work' transfer from the company network on to the private laptops? (usb, email, ftp over the net)???? And if thats the case, then IT IS a security concern, although once again the company policy should dictate and enforce counter measures to these problems.

    Cheers
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  6. #6
    Member
    Join Date
    Apr 2004
    Posts
    69
    That's the thing; we don't know if they use the laptops only for internet access or if they also do work on them. I kinda doubt they'd use them for working purposes because of the desktop computer that every occupied cubicle has.

    As in my first post:
    Our Internet security policy states that you are not allowed to have any device connected to our internal network and another network simultaneously. It also states that no non-corporate-owned or managed device can connect to our internal network.

    It doesn't really state anything about countermeasures, other than "blah blah subject to punishment up to and including termination and possibly prosecution"...

  7. #7
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Quote Originally Posted by NukEvil View Post
    That's the thing; we don't know if they use the laptops only for internet access or if they also do work on them. I kinda doubt they'd use them for working purposes because of the desktop computer that every occupied cubicle has.

    As in my first post:
    Our Internet security policy states that you are not allowed to have any device connected to our internal network and another network simultaneously. It also states that no non-corporate-owned or managed device can connect to our internal network.

    It doesn't really state anything about countermeasures, other than "blah blah subject to punishment up to and including termination and possibly prosecution"...
    So the only 'security' breach that i see (maybe someone else can see more) is, that if a user uses a USB stick to copy files from his cubicle PC and copies them on to his laptop, the files are as safe as the user's private laptop.

    In any event, if thats not the case... then its a productivity issue since they seem to need to bring in their own 'internet' to go online. I presume that using the net from the company PCs' is no fun? Locked down etc?

    However.. what makes "YOU" think there is a security issue involved? Am I missing something maybe?

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  8. #8
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    So, can someone give me a case that these MiFi devices are not only bad for productivity, but also from a security standpoint?
    I don't understand how productivity loss isn't sufficient enough to warrant attention.

    From a security standpoint, these users are introducing unmoderated internet into the workplace. If you can't guarantee that users won't connect their laptops to your internal network, then it is a security problem.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    My personal view (as an old fart with a free bus pass to prove it) is that I entirely agree with ShagDevil's post. That would be what I would expect of a normal corporate reaction, to what should be a non-corporate situation?

    I appreciate the posts that suggest that this should not be a problem ( other than productivity) but I wonder how you can actually prove that? After all, if anything goes wrong, your only defence is going to be due diligence.......... and how are you going to demonstrate that?

    I will readily admit that I know nothing about this technology, but it appears to be a situation where one is bringing an insecure wireess environment within range of a supposedly secure one?

    I guess that my first move would be to formally request the provision of similar equipment so that I could investigate the potential problems.

    Looking at my home network, I know that if I introduce a wireless device, it will see the router, but will require an access code to get accepted onto the network. Otherwise I believe that all that is possible is to use the wireless connection.

    I think that the authentication works on the MAC address of the attached device, but I haven't really investigated.

    I do wonder if I removed the USB WiFi adapter from one machine, would it work in another; without re-authentication?

    Thanks for this interesting thread...............you have gotten me thinking..........but only whilst sober

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    Quote Originally Posted by nihil View Post

    I think that the authentication works on the MAC address of the attached device, but I haven't really investigated.

    I do wonder if I removed the USB WiFi adapter from one machine, would it work in another; without re-authentication?
    It authenticates...most of the mifi units, if not all of them are a Novatel device, commonly the 2200. I have one. You have to authenticate, unless the owner of the device turned off the protection. I think they use WEP default, but you can change it to WAP2. Virgin Mobile recently dumped a prepaid version on retailers that rides on Sprint's 3G network. $40/month for unlimited data. They did recently announce, though, that they will cap the speeds to 256k after you break the 5Gb mark for a month.


    I don't think they represent any more of a risk to your network than a usb thumb drive.

    About the work productivity thing. Heh, guess that depends on what school of thought you come from.
    Every now and then, one of you won't annoy me.

Similar Threads

  1. Secure your wireless network
    By DeadAddict in forum The Security Tutorials Forum
    Replies: 10
    Last Post: July 21st, 2008, 12:16 AM
  2. How do I hack Hotmail, AOL etc?
    By Tiger Shark in forum Wireless Security
    Replies: 33
    Last Post: December 2nd, 2005, 05:49 PM
  3. Howto: Wireless router -> Existing LAN
    By yanksfan in forum Other Tutorials Forum
    Replies: 0
    Last Post: December 11th, 2004, 04:56 AM
  4. Installing wireless nic in linux with ndiswrapper ...
    By Shrekkie in forum Other Tutorials Forum
    Replies: 1
    Last Post: September 2nd, 2004, 09:11 AM
  5. Wireless 101
    By mmelby in forum The Security Tutorials Forum
    Replies: 1
    Last Post: October 23rd, 2002, 02:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides