Hello 
I have a issue dealing with wireless security. I manage an office with 30 people. 
They are always coming and going (due to the nature of the job) and they each have 
their own laptop.

We have a wireless network setup WPA encrypted, firewalled. It's secure and I'm happy 
with it.

The problem is there are 3 OTHER unsecured networks that can be accessed from our 
office.  One of which is so unsecured you can access their router directly once connected 
to that network. Simply put the default gateway into your browser and when the login 
screen appears, press enter... It's ridiculous 

What I would like to do is come up with a way to prevent people from my office accessing 
these unsecured networks. Then doing business i.e. email, logging into secure sites 
we use, transferring sensitive information.

Simply telling them doesn't work. Some will always use the easier quicker option. 
Such is human nature.

So without just firing people if they use the unsecured networks what are my options?

Tip: Run a free scan for common Windows errors ad

re: Wireless security Monday, July 6, 2009 at 10:21 am Posted by Larry (1364 messages posted) That's a tough one because it depends on who owns these networks and the reason they don't have them secured. First, it would seem that if it were a "normal" business of some sort, let's say a retailer or insurance agency etc. they would have them secured. Then again, if it's some kind of coffee shop or restaurant offering free wireless access, then they are certainly within their rights to do so. Same thing goes if it's just a clueless individual in an apartment across the street. It might take some work to find out who owns these access points, but if you can perhaps you can find out WHY they are unsecured and explain THEIR vulnerabilities as well as yours. If they just don't know how to secure them offer to do it for them. However, if they want them open and free, as in the coffee shop example, I don't think there is much you can do about it technically or legally. The one exception might be the network that lets you into the router. I suppose you could give it a SSID and password to annoy the owner by locking them out but then YOU could be open to charges of tampering. And besides, once they figure out what has happened all they have to do is reset the router to the factory defaults and continue on their merry way. As I said in the beginning, if I were you I'd try to locate the owners and see what their situation is. Sadly though, even if you gain their cooperation new unsecured access points can pop up anytime all over again. On Monday, July 6, 2009 at 9:32 am, Cal wrote: >Hello >I have a issue dealing with wireless security. I manage an office with 30 people. >They are always coming and going (due to the nature of the job) and they each have >their own laptop. > >We have a wireless network setup WPA encrypted, firewalled. It's secure and I'm happy >with it. > >The problem is there are 3 OTHER unsecured networks that can be accessed from our >office. One of which is so unsecured you can access their router directly once connected >to that network. Simply put the default gateway into your browser and when the login >screen appears, press enter... It's ridiculous > >What I would like to do is come up with a way to prevent people from my office accessing >these unsecured networks. Then doing business i.e. email, logging into secure sites >we use, transferring sensitive information. > >Simply telling them doesn't work. Some will always use the easier quicker option. >Such is human nature. > >So without just firing people if they use the unsecured networks what are my options? [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 10:22 am Posted by alex (2812 messages posted) I would use MAC filtering. On Monday, July 6, 2009 at 9:32 am, Cal wrote: >Hello >I have a issue dealing with wireless security. I manage an office with 30 people. >They are always coming and going (due to the nature of the job) and they each have >their own laptop. > >We have a wireless network setup WPA encrypted, firewalled. It's secure and I'm happy >with it. > >The problem is there are 3 OTHER unsecured networks that can be accessed from our >office. One of which is so unsecured you can access their router directly once connected >to that network. Simply put the default gateway into your browser and when the login >screen appears, press enter... It's ridiculous > >What I would like to do is come up with a way to prevent people from my office accessing >these unsecured networks. Then doing business i.e. email, logging into secure sites >we use, transferring sensitive information. > >Simply telling them doesn't work. Some will always use the easier quicker option. >Such is human nature. > >So without just firing people if they use the unsecured networks what are my options? [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 10:29 am Posted by Cal (5 messages posted) I know how MAC filtering works as an extra security check on my network. Computers without a MAC address listed in my router can't join my network. How would that prevent people joining a different accessible network? [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 10:42 am Posted by oleg (154 messages posted) Static IP adresses for all your computers with your wifi router specified as standard gateway ? [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 11:34 am Posted by Adam Bradley (8787 messages posted) Unless the wireless cards all have a lockout that allows you to dictate exactly what network they can connect to you are out of luck. If these are your worker's personal laptops there is really nothing you can do. There is little to nothing you can do about the other networks beyond asking the people who own them to implement security. On Monday, July 6, 2009 at 9:32 am, Cal wrote: >Hello >I have a issue dealing with wireless security. I manage an office with 30 people. >They are always coming and going (due to the nature of the job) and they each have >their own laptop. > >We have a wireless network setup WPA encrypted, firewalled. It's secure and I'm happy >with it. > >The problem is there are 3 OTHER unsecured networks that can be accessed from our >office. One of which is so unsecured you can access their router directly once connected >to that network. Simply put the default gateway into your browser and when the login >screen appears, press enter... It's ridiculous > >What I would like to do is come up with a way to prevent people from my office accessing >these unsecured networks. Then doing business i.e. email, logging into secure sites >we use, transferring sensitive information. > >Simply telling them doesn't work. Some will always use the easier quicker option. >Such is human nature. > >So without just firing people if they use the unsecured networks what are my options? [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 1:23 pm Posted by MartinM (7551 messages posted) I believe you can do this with the Intel wireless management program but not MS's Wireless Zero Configuration service. If you succeed, the users won't be able to access, for instance, wireless networks at their homes ? Anyway, I'd start reading here . . . 'cos it tells you where to get Intel ProSET as well (if your laptops don't have it). [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 1:28 pm Posted by triplate (20834 messages posted) Theres is no Wireless Security...its a fraud if someone tells you there is...anybody can hack a wireless....even an AOL user... [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 4:08 pm Posted by Cal (5 messages posted) That's an inserting idea I'll look into it. The only issue would be not being able to connect at home as you mentioned. Maybe I could setup 2 profiles 'work" and "home". Will have to try out the software and see what it's capabilities are. [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 4:13 pm Posted by Cal (5 messages posted) Apart from trying out some new software I guess the best idea is to get the people with the unsecured networks to secure them. Now there are plenty of possibilities of where they could be..numerous houses and plazas containing various small businesses within range. I can't think of another way to track down the location/operators of the unsecured networks other going door to door. Even their SSIDs don't lend a clue 2 are called default and 1 is called purple. Seems like a rather low tech solution to a rather technical problem lol. [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 4:47 pm Posted by Cal (5 messages posted) That's a rather bleak viewpoint yet true I suppose if I want to face reality. I like to think making it as difficult possible will make the attacker pick easier prey. Perhaps having all these easy access networks around me might be an actual benefit haha. [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 4:52 pm Posted by triplate (20834 messages posted) well.........theres no sense in illusion ...unless you can change frequency at random and encrypt heavily..Wireless is wide open to anyone with a simple scanner.....i,ve never used it and never will at my base... but then again..i thought 3.11 was great...LOL* [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 6:47 pm Posted by Adam Bradley (8787 messages posted) 3.11 is a good OS, my old 3.11 never crashed save for the time it had a bad driver loaded or the time its MB dropped dead. Try saying that about a modern OS. Say what you will about the old MS-DOS era systems they were rock solid reliable (which is why western union uses MS-DOS to this day). On Monday, July 6, 2009 at 4:52 pm, triplate wrote: >well.........theres no sense in illusion ...unless you can change frequency at random >and encrypt heavily..Wireless is wide open to anyone with a simple scanner.....i,ve >never used it and never will at my base... but then again..i thought 3.11 was great...LOL* > >target="_blank"> >border="0" alt="Photobucket"> [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 7:02 pm Posted by triplate (20834 messages posted) Ya mean its better than VISTA or ME ???? ....ya think!!! [Reply or follow-up to this message] re: Wireless security Monday, July 6, 2009 at 9:19 pm Posted by Ari (1378 messages posted) Simple. Buy three cheap wireless routers. Set them to the same bands, same channels and same SSID's as the three neighboring routers you don't want your people to connect to, give them no encryption, and lock them in a closet in your office. Because they're so close, their signal strength will, in your office, overpower the signal strength of the distant neighboring routers and when your people try to connect to those distant routers, they'll get your decoy routers instead. You don't have to connect those routers to the internet; your people will connect to them, and get nothing. They'll learn soon enough that the only way to get internet connectivity is to connect to the network they're SUPPOSED to connect to. On Monday, July 6, 2009 at 9:32 am, Cal wrote: >Hello >I have a issue dealing with wireless security. I manage an office with 30 people. >They are always coming and going (due to the nature of the job) and they each have >their own laptop. > >We have a wireless network setup WPA encrypted, firewalled. It's secure and I'm happy >with it. > >The problem is there are 3 OTHER unsecured networks that can be accessed from our >office. One of which is so unsecured you can access their router directly once connected >to that network. Simply put the default gateway into your browser and when the login >screen appears, press enter... It's ridiculous > >What I would like to do is come up with a way to prevent people from my office accessing >these unsecured networks. Then doing business i.e. email, logging into secure sites >we use, transferring sensitive information. > >Simply telling them doesn't work. Some will always use the easier quicker option. >Such is human nature. > >So without just firing people if they use the unsecured networks what are my options? [Reply or follow-up to this message] re: Wireless security Tuesday, July 7, 2009 at 1:29 am Posted by oleg (154 messages posted) I think most of you are missing the point . The first one is that wifi is not safe . Any idiot can crack wep and wap . The second being that there is sensative data on computers and the / some of the people who have that data cant be trusted to keep it safe . You cant keep your data safe if the people can take their computers home with them = office computers stay in the office . Then you do what i said with the static IP adresses and specified router . Then you get rid of all software from those computers that shows other networks . XPLite will get rid of the microsoft wireless conection bits . Make rules and sack people who break them . Anyone who alters the settings of the computer or uses it on other networks is displaying a high degree of criminal energy........ its caled industrial espionage . Another thought and question for the experts here..... wouldnt it be possible to set up the wireless bits/ static IP adress with the administrator acount with a long password and then let the workers log on on other acounts so that they cant change anything major ? There are also programs that can stop users makeing any changes to the set up of the computer . [Reply or follow-up to this message] re: Wireless security Wednesday, July 8, 2009 at 7:53 am Posted by Dan Sarandrea, MCSE (7132 messages posted) I like Ari's solution the best if you want to maintain the status quo. The other option is to continuously scan your "airspace" for unsecured networks, connect to the config pages of those networks and establish security. Perhaps eventually the owners of those networks will realize what is happening and secure them on their own. Perhaps some of the owners will eventually amass an impressive collection of "defective" routers LOL :-) But the REAL issue is that you are under the impression that your wireless network is secure. As someone else posted, WEP is a joke, but you're using WPA, which is pretty good but has been cracked at least theoretically. AFAIK WPA2 is still uncracked. But the problem is NOT what wireless security level you operate, the problem is that people, as you say, come and go all the time. Unless you change the wireless password religiously each and every time someone leaves, your network is not nearly as secure as you think. Even with routine password changes, your network is still vulnerable to an outsider who gets the password from an employee, or from a disgruntled employee trying to "get even", which studies show is the number one threat to business networks. (You did not mention if you have a domain or workgroup, which would of course determine the security of network resources, or if you are using other nework security measures such as VPN or for the wireless connections a RADIUS server.) I ALWAYS advise my business customers that a hard-wired network is more reliable and more secure than wireless, and most take my advice. The ones who don't sign a waiver drafted by my attorney. [Reply or follow-up to this message] re: Wireless security Wednesday, July 8, 2009 at 8:24 am Posted by Ari (1378 messages posted) I'm fairly sure that Dan was kidding about this, since accessing your neighbors' unprotected routers and modifying their configurations would most likely be illegal. (Assuming you're in the USA, you could look here: http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/ComputerHackingandUnauthorizedAccessLaws/tabid/13494/Default.aspx to find the applicable legislation in your state.) On Wednesday, July 8, 2009 at 7:53 am, Dan Sarandrea, MCSE wrote: > >The other option is to continuously scan your "airspace" for unsecured networks, >connect to the config pages of those networks and establish security. Perhaps eventually >the owners of those networks will realize what is happening and secure them on their >own. Perhaps some of the owners will eventually amass an impressive collection of >"defective" routers LOL :-) [Reply or follow-up to this message] re: Wireless security Wednesday, July 8, 2009 at 8:54 am Posted by Dan Sarandrea, MCSE (7132 messages posted) Maybe I was kidding..... ;-) [Reply or follow-up to this message] Tip: Use one of the [Reply or follow-up to this message] links above to add a message to this thread Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows XP Discussion Forum