Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Connection to Public Wifi 1

Status
Not open for further replies.
vernpace

vernpace

Programmer
Feb 22, 2015
209
US
We have a security requirement that certain features of our software should not run if a user is connected to a public wifi (e.g. using our software at StarBucks). I have tried various APIs, but can find nothing that will determine if a user is specifically connected to a public wifi.

I have looked here: Also have looked here:
At first, I thought that a local IP address was not assigned by DHCP server for public wifi networks and that would be the solution. Wrong... So, head scratch. Anybody has an idea?
 
Sort by date Sort by votes
I don't think you can determine something like that by any means. I am reminded of the Windows network setting about categorizing the network you are in as private, company or public. But that's what the user will specify. It's not what Windows detects, so it's up to the user to give the right information. And if you'd determine what's specified there, a user that absolutely wants to use this software at Starbucks would simply lie about it.

In Windows 10 I find even just a simpler choice between public or private.
win_network_profile-16_hgo73u.png


While users will likely choose "Public" to get the highered security of their device not being discoverable on the network, if you'd take that to decide your software won't run, they'd surely be fine to say "this one time won't hurt me" and switch to private to run your software.

The only chance I see is making it depend on the wifi name, but how long a list do you want to maintain with patterns that match the names of public wifi?

I hope someone else knows a more reliable way to determine that status, but I can only recommend not to rely on the network profile type Windows has, as that's just a choice of the user and not reliable information about the actual type of the network.

Chriss
 
Upvote 0 Downvote
And of course, a whitelist of allowed wifi names would be easier to check than a blacklist. So if that software should only be allowed in the company then there should be a wifi name pattern that fits or they establish one like COMPANYWIFI???.

Well, and what else qualifies for the company obviously is being in their network domain GetEnv("USERDOMAIN").

It's obviously not very safe to depend on the latter, as any environment variable can be edited by users on their private PC/Laptop, no matter whether company clients restrict users permissions to do that.

So something on top should be verified that's only possible in the actual company domain. And what that could be is a PKI (public key infrastructure) as described here:

Before you establish something I'd talk to the IT department of that company, about whether such a PKI already exists.

The other very straight forward solution is software isn't installed on clients but on terminal servers running on company terminal servers and the users can only log in from the internal domain, not from outside of the company.


Chriss
 
Upvote 0 Downvote
Thanks Chris,

Without getting into details, our software was designed for peer-to-peer communications. It supports working in offices, from home, or from anywhere that is not connected to a public wifi (or least it should). We have code that automatically detects changes in the public IPv4 as well as private IPs (ethernet and wireless) which are assigned by a DHCP server.

I don't think there is a solution for detecting a public wifi network. The best we can do is present a message (when a network change is detected) asking the user if he/she is connected to a public wifi. If so, then a global flag can be set to disable certain features.
 
Upvote 0 Downvote
Could you try to detect a resource that would only be available on your private network, a machine not connected
to the outside world... or vice versa, make a resource public and if it is visible then knobble your software.



Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.

There is no place like G28 X0 Y0 Z0
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Steve Yu
  • Question
Westwind Web Connection server on LAN: can SPT (MS SQL) work ? 4
2 3
Replies
40
Views
1K
Steve Yu
Steve Yu
ravicoder
  • Locked
  • Question
Mysql Connection String using latest driver
Replies
3
Views
616
Chris Miller
Chris Miller
G
  • Locked
  • Question
Failure to pass data to form
Replies
7
Views
511
Chris Miller
Chris Miller
herbstgy
  • Locked
  • Question
Need to build web service, pronto :) 1
2
Replies
25
Views
2K
Chris Miller
Chris Miller
Filip Brnic
  • Locked
  • Question
Detail 1 band is to large to fit
Replies
5
Views
644
WilsonKWChan
WilsonKWChan

Part and Inventory Search

Sponsor

Back
Top