Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: Wireless in the Workplace

  1. #11
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Why do they bring in their personal laptops to work? We had the issue here where temp employees would bring their unsecured laptop onto our network, put a stop to that. Its very hard to control your equipment when its not even yours.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #12
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    I don't think they represent any more of a risk to your network than a usb thumb drive.
    That should be possible to control and lockdown, since this is a security issue in this current scenario.
    (im still not sure if its possible on windows to lockdown for example hotplugging a usb device)


    About the work productivity thing. Heh, guess that depends on what school of thought you come from.
    I agree. Whilst productivity is an issue here, it depends how relaxed the situation is at this workplace. To be honest... (as long as its not on company machines) I dont think its 'THAT' bad if a user wants to check his email, or maybe they have some software to track their children or something, but if the users start spending time on facebook, twitter, or just surfing the net then it could be a pain.

    What number of private laptops/netbooks are we talking about here anyways? A majority?
    If you can lockdown the following:

    - USB hotplugging &
    - User being able to connect to an additional network

    then i would say the security side has been taken care off, so the only thing to talk to your boss about would be productivity (if this falls under your jurisdiction).

    However:

    Why do they bring in their personal laptops to work? We had the issue here where temp employees would bring their unsecured laptop onto our network, put a stop to that. Its very hard to control your equipment when its not even yours.
    still is the best advice regardless of private opinions!
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  3. #13
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Please excuse my ignorance here as these MiFi devices are new territory for me What are they actually connecting to? Is it their own private ISP account, or is it the corporate WiFi node?

    If it is a private ISP, then I don't see how it is that much different from bringing a mobile (cell) phone into the workplace, from a security viewpoint?

    If it is the corporate WiFi, it shouldn't really be a problem, as you should not be able to access the corporate LAN or WAN with an unauthorised device? As I mentioned earlier I only have my (crude) home network to go by; but that will not authenticate a new device without the wireless key (password).

    I have been doing a bit of experimentation with 5 computers that are wirelessly connected to my network. The OSes are:
    Windows 2000 Pro
    Windows XP Pro (x2)
    Windows XP Home
    Windows Vista Home Premium.

    Three of them have identical 802.11n USB adapters and the other two have different makes.

    The three identical ones will hotswap (irrespective of OS), whilst the other two will not. They fail at the desktop because the correct drivers/management software is not loaded. That is pretty much what I expected.

    I also tried USB memory sticks, keyboards and mice

    Windows is rather more subtle than I expected!!!

    1. If Windows has seen the device before, it just informs me that it has been mounted and recognised.

    2. If Windows has not seen the device before, it goes into "Found New Hardware" mode and wants to look for the Windows drivers for it, to install the "new hardware". Users should not have the authority to do this.

    In the case of USB memory sticks, it will do this EVEN IF IT IS THE EXACT SAME MAKE AND MODEL as one it already recognises. I am not sure about keyboards, but a cheap optical USB wheel mouse will be recognised if it is the same make & model. I am not really concerned about that, as I would have thought that the MiFi device was at least as complex as my WiFi adapters, and would need software loading to work?

    So, my thoughts are that if the users are prevented from installing new hardware, new software and from accessing the corporate networks with an unauthorised device, you should be pretty secure.

    I am not sure what would happen if you tried to connect via an authorised device using CAT5/RJ45, but I would have thought that the desktop should be locked down against connecting new hardware, and the user would not have the authority to allow sharing? Also, I would expect that what the authorised device was doing would show up in the logs?

    I don't think they represent any more of a risk to your network than a usb thumb drive.
    Probably less, as you can take a memory stick home and get it infected, then bring all the goodness back to the workplace.

    The only problem I can envisage that doesn't seem to have been mentioned, is that these are private devices within range of the corporate WiFi. There might be an issue of interference, particularly if one of the devices is in the process of failing. That would be difficult to trace as the device is not connected to the network.

    As for productivity, that is normally an HR (human remains? ) issue, rather than an IT one.

    To me, the main issue would be if it is the corporate WiFi that is being used. If it is, then I would say that there is an issue, as anything that is done will trace back to the company, including downloading illegal material?

    Just a few thoughts

  4. #14
    A MiFi device connects directly to the cellular network, and lets devices connect to it to use that connection for internet access--sort of like a wireless router whose WAN interface connects directly to the nearest cellular tower.

    And some of these things are TINY. I think I mentioned that I've seen one that's about half the size, but twice the thickness, of a credit card. But I can detect every one of them from a central console due to their WiFi signal, and try to triangulate their location on the buildings' floorplans. If I need to, I can disrupt the WiFi communication so any device associated with these MiFi devices gets disconnected over and over again.

    But, for now, all I'm doing is going to each signal I find, taking down the name of the owner and cube number, and putting that in a database, with an association with the device's MAC address. Just in case policy ever changes in a way that prohibits these devices...

    So I'm gathering that this particular issue may be more of a productivity issue than a security issue. And we'll be able to control how USB devices are treated on any endpoint on the network pretty soon. So the MiFi 'problem' may become more of a moot issue.

    A question: I've installed dd-wrt on all my routers at home, and I've noticed a feature that allows an access point to connect to another access point as a client. Is there a way that MiFi devices could do the same thing? I'm asking because of our workplace WiFi infrastructure and all...

  5. #15
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Is there not some kind of co$t associated with this extra traffic??

    Sometimes thats all the powers that be are concerned with...

    MLF
    Last edited by morganlefay; January 17th, 2011 at 05:17 PM.
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #16
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    Quote Originally Posted by NukEvil View Post
    A question: I've installed dd-wrt on all my routers at home, and I've noticed a feature that allows an access point to connect to another access point as a client. Is there a way that MiFi devices could do the same thing? I'm asking because of our workplace WiFi infrastructure and all...

    As far as I'm aware, no, not really. I haven't read about anyone that's successfully replaced the firmware. I haven't tried b/c I don't want a brick. You can set a mifi as your internet AP point and connect another router to the mifi to allow more than the five devices the mifi would allow, but going the other way doesn't work. Actually, I lie, I think you could pull it off, but it would be pointless, you would just have added a router to your existing work network and the point of the device would be ruined.

    Nihil, as the US cell carriers are moving towards integrating 4G, they're left with a 3G backbone that they need to try to make money off of. So most carriers are now offering these devices that work strictly on their 3G networks, verizon offers 4G service, but it's expensive. It doesn't touch the official "interbutts" as it were, it is a private network, in a sense.
    Every now and then, one of you won't annoy me.

  7. #17
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    As I understand it, these MiFi devices are intended to connect to a cellnet tower, so I imagine that they communicate rather differently from standard wireless cards or USB adapters? I am assuming that the external router connection is wired?

    Why would you want to connect to the company's WiFi, which you know is monitored and logged? If I control the gateway, I know who and what goes in and out.

    If, on the other hand, if it were possible for a user to connect one of these MiFi devices to a company computer and run it at the same time as the regular corporate connection, but through the private carrier, then you would have a problem. You would have a rogue connection to your network that would potentially compromise your security. I am not even sure if this would be possible in Windows without having a separate user account and/or hardware profile? It sounds a lot less hassle just to use your private laptop.

    Having said that, your network security software should be scanning for unauthorised devices attached to endpoints.

    The MiFi devices should not be able to connect to your routers anyway, even if it were technically possible, because they should fail authentication. They are, after all, just another wireless device seeking access.

    Also, users should not be able to install programs on corporate machines. This should prevent them installing complex hardware that needs its own drivers and other software. I am pretty sure that Windows does not provide native support (I am not sure about Windows 7) for these MiFi devices. I am basing this on the fact that all my WiFi adapters needed their own software installing before they would work; that's Windows 2000 Pro through Vista.

    And we'll be able to control how USB devices are treated on any endpoint on the network pretty soon.
    Oh dear! you mean to say that you are not doing that already? That is a much bigger security issue than MiFi devices IMO.

  8. #18
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    Quote Originally Posted by nihil View Post
    Hmmmm,

    As I understand it, these MiFi devices are intended to connect to a cellnet tower, so I imagine that they communicate rather differently from standard wireless cards or USB adapters? I am assuming that the external router connection is wired?
    Totally unwired, that's the point of them. They're essentially cell phones on rhoids that take a cell signal and convert it to 802.11 WLAN prots. Like the little dongles they've been putting out for years now. These just happened to have a halfway decent wireless router stuffed into them. They're really quite nifty...I was shuffling my little brother and a couple of his friends around a bit ago, and when they realized they had a connection for their psps and itouches I was like "Uberman". Now they won't stop harassing me for a ride.
    Every now and then, one of you won't annoy me.

  9. #19
    Quote Originally Posted by nihil View Post
    Oh dear! you mean to say that you are not doing that already? That is a much bigger security issue than MiFi devices IMO.
    Well, we would be doing that by now. In fact, we should have been doing this for the past month. Unfortunately, a project manager got wind of it, and has demanded we put her process in place before anything gets installed. I mean, she literally forced herself into the meeting room where we were planning on the location of installing the kit and ordered everyone to stop what they were doing. The system they make people put their 'projects' on is several levels deep and dozens of options per level. By the time project management is through, your 'project' is several months late.

    The way things are going, I wouldn't be surprised if a short trip down a long, empty elevator shaft came up in her future...

  10. #20
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    Wink

    I believe 'PMO' is a four letter word...in spirit if not in fact.

    This is a great discussion. It has touched on the many layers of protection an organization needs to consider and adopt...or waive. I see a couple of key points that should walk you straight to your answer, NukEvil... (apologies if these were better summed up already.)

    1. Can users connect personal systems to company network? (Caveat H4x0r: Not "are they allowed to" but "does something physically/logically stop them"?)

    2. Can users connect company systems already on the company network to MiFi access points (Same caveat as #1)?

    If either of these are answered "YES", I think you have a strong case to create an administrative control denying the use or even possession of a MiFi type device in the office workspace.

    http://j.mp/ch2bYm <- relevant dilbert-ness

    The USB storage issue is relevant, but its a separate issue. The MiFi has no impact on that issue because you can sneaker net a flash drive home with you as easily as you can use it to move bits the three feet from the official desktop to your personal laptop...the fact that information can be moved to a highly portable and unmanaged storage mechanism is the problem in that issue.

    Hope that helps.


    (Nihil et al...how's that for a comeback from a 3 year silence?)
    Last edited by zencoder; February 11th, 2011 at 05:22 PM. Reason: Clarification verbage and other nonsense.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Similar Threads

  1. Secure your wireless network
    By DeadAddict in forum The Security Tutorials Forum
    Replies: 10
    Last Post: July 21st, 2008, 12:16 AM
  2. How do I hack Hotmail, AOL etc?
    By Tiger Shark in forum Wireless Security
    Replies: 33
    Last Post: December 2nd, 2005, 06:49 PM
  3. Howto: Wireless router -> Existing LAN
    By yanksfan in forum Other Tutorials Forum
    Replies: 0
    Last Post: December 11th, 2004, 05:56 AM
  4. Installing wireless nic in linux with ndiswrapper ...
    By Shrekkie in forum Other Tutorials Forum
    Replies: 1
    Last Post: September 2nd, 2004, 09:11 AM
  5. Wireless 101
    By mmelby in forum The Security Tutorials Forum
    Replies: 1
    Last Post: October 23rd, 2002, 02:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •