RE: Blacklisting wireless access points...

["Mike Drugov" <DRUGOVM () nychhc org>]

You can disable wireless card from bios and set a password to the bios to be password protected.

If those cards are usb or PCMCIA you can set a policy to stop wireless service

> > > "Babu.N" <babun () intoto com> 5/20/2008 4:03 AM >>>

Can't this be addressed by deploying NAC devices & installing NAC 
agents in the laptops that you mentioned ? I'm not sure whether NAC 
systems today support policy enforcement based on wifi enable/disable 
configuration in hosts.

If you dont get any way to disable wifi-access from such laptops, you 
may want to atleast make sure that such laptops (which may roam in 
insecure environments like neighbor's access points) dont infect 
other machines in your LAN by deploying a layer2/transparent UTM in 
your switches.


- Babu

At 12:20 AM 5/16/2008, Dan Denton wrote:
> My apologies for not being explicit enough. Due to the nature of our
> business, we do not allow the use of wireless at all for our users, however
> most of our users have laptops with wireless cards.
>
> The users in question have been instructed not to access any access points
> (there are a couple around us), protected or otherwise, run by neighboring
> businesses, and I do not believe they'd intentionally access them but I'd
> like to be sure they cannot.
>
> Thanks for the replies...
>
> -----Original Message-----
> From: infolookup () gmail com [mailto:infolookup () gmail com] 
> Sent: Thursday, May 15, 2008 12:19 PM
> To: Dan Denton; listbounce () securityfocus com;
> security-basics () securityfocus com 
> Subject: Re: Blacklisting wireless access points...
>
> Care to explain a bit more, are the access points controlled by your company
> and you don't want your users accessing them, or do you want to block them
> for AP's near by?
>
> If its the first why not setup a security protection on the AP to block
> users WPA2, radius something to that extend.
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: "Dan Denton" <ddenton () remitpro com>
>
> Date: Thu, 15 May 2008 10:19:35
> To:<security-basics () securityfocus com>
> Subject: Blacklisting wireless access points...
>
>
> Does the list know of a way/product to prevent users from accessing certain
> wireless access points? I figure AD has a group policy that can do this, but
> we don't currently use AD. Any suggestions are greatly appreciated...
>
> Thanks much,
>
> Dan




********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended recipient, 
please immediately notify the sender by reply email and destroy all copies of the original message. 
Thank you.
 
Intoto Inc. 


-----------------------------------------
Visit www.nyc.gov/hhc

CONFIDENTIALITY NOTICE: The information in this E-Mail may be
confidential and may be legally privileged. It is intended solely
for the addressee(s). If you are not the intended recipient, any
disclosure, copying, distribution or any action taken or omitted to
be taken in reliance on this e-mail, is prohibited and may be
unlawful. If you have received this E-Mail message in error, notify
the sender by reply E-Mail and delete the message.