Preventing wireless routers/APs

Status
Not open for further replies.

PPettit

IS-IT--Management
Sep 13, 2003
511
US
How can I prevent unauthorized wireless routers/access points on my wired network?

Would MAC filtering on my switches and/or routers work? Most of the routers I've seen will allow you to set whatever MAC address you want, so I don't see how MAC filtering would be the best solution. Are there other options that might work better?
 
PPettit,

I think you misunderstood about the MAC address. In the router you add the MAC address of the device you want to have access.

However, this is not even close to a good solution. You can change the MAC address. (I hope this is what you are referring to.) There are utilities to change a MAC address.

There are a few combinations that you can use. Depending on how secure you want it to be, you could disable broadcasting of the SSID, and/or enable 40 or 128 bit WEP key encryption. There are other ways but you should use these first.

 
I guess I need to make my point more clear.

I know how to set up security on a wireless network. I am not trying to keep people off of my wireless networks. I am trying to keep wireless networking products off of my wired networks.

I have to manage multiple small remote networks. My company does not use wireless networking products except at one mobile location. Since I cannot be present at all of the offices all of the time, I do not want people bringing in their wireless routers/access points and setting them up on their respective wired network without my permission. This is a huge security problem because they will most likely fail to configure the devices with the appropriate settings.

My goal is to find a way to keep these unauthorized wireless devices from functioning on my network.
 
If that is the case, then I would suggest that you place a firewall between your wireless and wired network to filter the network traffic. However, if you don't have control over the wireless network's physical security, it's difficult to safeguard your network.

One other thing you might try is to create a small network (such as a network with a netmask of 28, 29 or 30 bits) on that remote wireless network, just enough to be used by the computers at that office. And enable MAC filtering. This approach is not 100% safe but at least you did your best to minimize the risk.

Hope this helps.


:)
picoHat
Home Network, Wireless Network and Computer Networking Made Easy
 
PPettit
Just to see if I am listening... you are concerned about your "Wired Network"? You fear one of your users may add an unauthorized device (wireless switch/router) of their own and attach it to your "wired network" without telling you.

The reason this concerns you so greatly... because you are responsible for the network security and in the above situation you cannot configure security on the unauthorized device because its existence is being hidden from you. Perhaps "hidden" is the wrong term... The person who installed it didn't tell you about it.

TWO things to do:
  • You could set up a "net_scan.bat" which will discover every active IP on the network (I've got one if you need it).
  • You could lock down your system (better to let somebody else suggest a way).
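
A scan like the one suggested above only helps if its results are compared against a list of approved devices. The following is an added example, not part of the original post and not the poster's net_scan.bat: it parses Windows `arp -a` output taken after a ping sweep and reports MAC addresses missing from an inventory. The sample output, the inventory and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: Windows `arp -a` output captured after a ping sweep.
SAMPLE_ARP = """\
Interface: 192.168.10.5 --- 0x4
  Internet Address      Physical Address      Type
  192.168.10.1          00-1a-2b-3c-4d-01     dynamic
  192.168.10.20         00-1a-2b-3c-4d-20     dynamic
  192.168.10.21         00-1a-2b-3c-4d-20     dynamic
  192.168.10.77         00-11-22-aa-bb-cc     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed inventory of devices the administrator has approved.
AUTHORIZED = {
    "00:1a:2b:3c:4d:01": "office gateway",
    "00:1a:2b:3c:4d:20": "front-desk PC",
}

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+\w+",
    re.I)

def parse_arp(text):
    """Return (ip, mac) pairs for unicast entries, MACs normalized to aa:bb:..."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header or blank line
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:  # group bit set: broadcast/multicast, not a device
            continue
        entries.append((ip, mac))
    return entries

def audit(entries, authorized):
    """Split results into unknown MACs and approved MACs seen on several IPs."""
    by_mac = defaultdict(list)
    for ip, mac in entries:
        by_mac[mac].append(ip)
    unknown = {m: ips for m, ips in by_mac.items() if m not in authorized}
    multi_ip = {m: ips for m, ips in by_mac.items()
                if m in authorized and len(ips) > 1}
    return unknown, multi_ip

if __name__ == "__main__":
    unknown, multi_ip = audit(parse_arp(SAMPLE_ARP), AUTHORIZED)
    for mac, ips in unknown.items():
        print(f"UNKNOWN  {mac} at {', '.join(ips)}")
    for mac, ips in multi_ip.items():
        print(f"REVIEW   {mac} ({AUTHORIZED[mac]}) answers for {', '.join(ips)}")
```

As noted at the top of this thread, a router can be set to present whatever MAC address its owner chooses, so a device presenting an approved address with the original PC moved behind it still appears as one approved entry. An approved MAC answering for more than one IP is worth a physical check for that reason.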
 
This is taken directly from a page on the Cisco site (
Monitoring Rogue Access Points
Because unauthorized rogue access points are inexpensive and readily available, employees sometimes plug them into existing LANs and build ad hoc wireless networks without IT department knowledge or consent. These rogue access points can be a serious breach of network security because they can be plugged into a network port behind the corporate firewall. Because employees generally do not enable any security settings on the rogue access point, it is easy for unauthorized users to use the access point to intercept network traffic and hijack client sessions. Even more alarming, wireless users frequently publish unsecure access point locations, increasing the odds of having the enterprise security breached.

Their "Wireless Control System" looks like it would take care of my needs but I have a feeling that it costs much more than I would want to spend.
 