We have one conference room upstairs that is shared with another agency. When we're going to use it, someone from IT goes up to the upstairs closet and plugs that port into the patch panel. Otherwise, it is unplugged. We do allow contractors/auditors, etc to connect to get an IP, so they can hit the internet, but they don't login to the network, and don't have access to anything internally. Could someone connect an AP? Ya, I guess so, but it's not allowed by default, and if found it would be removed. Joe Heaton
________________________________ From: Glen Johnson [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 9:50 AM To: NT System Admin Issues Subject: RE: Wireless configuration service Do you have any conference/room break areas with network connections? Could a user/vendor/visitor/ambitious employee bring a laptop/wireless ap in and connect it to you wired network? Is this allowed or not. You need to evaluate if this security risk and decide do you need to guard against it. If so then you might want to investigate 802.1x security. From: Tim Vander Kooi [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 12:35 PM To: NT System Admin Issues Subject: RE: Wireless configuration service If you have no wireless requirements, then disabling your wireless configuration service would be a recommended action. From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 10:55 AM To: NT System Admin Issues Subject: RE: Wireless configuration service Rogue wireless systems, right? So, if I don't have any APs, or any other wireless devices, I shouldn't need that? Joe Heaton ________________________________ From: Glen Johnson [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 8:42 AM To: NT System Admin Issues Subject: RE: Wireless configuration service To protect your network from rogue machines. From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 11:06 AM To: NT System Admin Issues Subject: RE: Wireless configuration service What would you use that authentication for? Joe Heaton ________________________________ From: Glen Johnson [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 8:04 AM To: NT System Admin Issues Subject: RE: Wireless configuration service FWIW, I just saw an article that said if you are using 802.1x wired authentication, you will need this service to be running. From: Glen Johnson [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 10:59 AM To: NT System Admin Issues Subject: RE: Wireless configuration service Me thinks you only need to have this service running on machines that actually have wireless network interfaces installed. At least, that is how we have it set here and our wireless laptops work great. It is disabled via GP on all desktops and servers. From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 10:37 AM To: NT System Admin Issues Subject: Wireless configuration service Anyone have a good reason for this service being running and set to Automatic, if you don't support wireless devices in your network? Just found it running on my DC. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 [EMAIL PROTECTED] ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
