Ah the old eighth layer. Policy policy policy = termination termination termination. Usually the first one to go gets the point across to the other folks. ;>

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 24, 2002 1:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Rogue Wireless LANs [7:47287]

At 11:54 AM 6/24/02, chris wrote:
>WEP for starters, then you can set the access point to only accept
>connections from specific MAC addresses.

I don't think he was asking how to secure a wireless network. He was asking how to control non-IS user types from installing new equipment on the network, including wireless LANs.

The question is as old as the hills, really. I remember back in the olden days when we had similar problems because people would add modems and software-based routers, etc.

Anyway, about the only modern solution I can think of is the MAC-based security on switches. Presumably for this rogue wireless network to work, they first installed an access point into an Ethernet port. That access point has a different MAC address than the device that's "supposed" to be on that switch port. So MAC-based security on the switch would help because it would say only let the configured MAC address in. (I think that's how it works?) It's probably a huge hassle to do MAC based security, however.

The other solution is based on the eighth layer of the OSI model: Policies. Make your users sign an Acceptable Use Policy statement and make sure there are consequences if they go against it (torture chambers and the like.)

Priscilla

>You can implement LEAP on the
>cisco AP, radius/tacacs+ requiring user/pass. Then you could place the AP
>outside the LAN/Firewall and require VPN to access the LAN resources.
>
>Cisco has a good whitepaper on securing wireless. What you have experienced
>is pretty common.
>
>Chris
>""Patrick Donlon"" wrote in message
>news:[EMAIL PROTECTED]...
> > I've just found a wireless LAN set up by someone in the building, I found it
> > by chance when I was checking something with a colleague from another dept.
> > The WLAN has zero security which is not a surprise and lets the user into
> > the main LAN in the site with a DHCP address served up too! Does anyone have
> > any tips on preventing users and dept's who don't think about security from
> > plugging whatever they like into the network,
> >
> > Cheers
> >
> > Pat
> >
> > --
> >
> > email me on : [EMAIL PROTECTED]

________________________
Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47306&t=47287
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
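
Added example, not part of the original thread: the comparison Priscilla describes (one configured MAC address per switch port), run as an audit over a MAC address table listing to flag ports carrying an address they should not. The table text, the port inventory, the uplink list and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like a switch MAC address table listing.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0010.a4b1.22c3    DYNAMIC     Fa0/1
  10    0002.b3ff.9e01    DYNAMIC     Fa0/2
  10    0040.96aa.1234    DYNAMIC     Fa0/3
  10    0007.e9d2.5566    DYNAMIC     Fa0/3
  10    0008.7412.abcd    DYNAMIC     Fa0/24
"""

# Hypothetical inventory: the one MAC address configured for each access port.
EXPECTED = {
    "Fa0/1": "0010.a4b1.22c3",
    "Fa0/2": "0002.b3ff.0000",
    "Fa0/3": "0007.e9d2.5566",
}
UPLINKS = {"Fa0/24"}  # uplink ports legitimately carry many MACs, so skip them

ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def learned_macs(table_text):
    """Map port -> set of MACs learned on it, skipping headers and uplinks."""
    ports = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m and m.group(4) not in UPLINKS:
            ports[m.group(4)].add(normalize(m.group(2)))
    return ports

def audit(table_text, expected):
    """Return sorted (port, mac, reason) for MACs a port should not carry."""
    findings = []
    for port, macs in learned_macs(table_text).items():
        allowed = normalize(expected.get(port, ""))
        for mac in macs - {allowed}:
            reason = "unexpected MAC" if allowed else "port not in inventory"
            findings.append((port, mac, reason))
    return sorted(findings)

if __name__ == "__main__":
    for port, mac, reason in audit(SAMPLE_TABLE, EXPECTED):
        print(f"{port}: {mac} ({reason})")
```

In the sample, Fa0/2 shows a swapped device and Fa0/3 shows an extra address behind a port that should carry only one, which is what an added bridge or access point looks like from the switch.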