Monitor WiFi access points

By c.grz
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

n_K

Posted
Posted

Also working for a local government LE agency I can tell you the BEST way to handle this type of situation is through policy with strict warnings/actions. And as to the comment above saying that introducing wireless interference is not illegal simply because you are part of the government or government service is incorrect.

Wrong, it is correct.

http://www.telegraph...ng-devices.html

and http://stakeholders.ofcom.org.uk/enforcement/spectrum-enforcement/jammers/

Link to comment
Share on other sites
Grand Master

xendrome

Posted
Posted

Ok what I am saying is just because someone works for the government doesn't mean they can just jam cell phone signals. If a jail wants to jam cell phone signals to keep inmates from trying to make outbound calls and smuggling in cell phones, then I'm sure they have proper approval and have done the correct steps to take those actions. But just going "Oh hey I work for the government... <<turns jammer on>>" doesn't make it legal.

Link to comment
Share on other sites
Grand Master

Draconian Guppy

Posted
Posted
Yeah i'm probably "desensitized" on sensitive information... :p BUTT that said, disabling wifi is easy, installing group policies as well. Eg email SHOULDn'T if not in same domain. Most desktops shouldn't have admin. privileges to install a wifi dongle (seeing as how most desktop don't come with built in wifi) etc...
Also working for a local government LE agency I can tell you the BEST way to handle this type of situation is through policy with strict warnings/actions. And as to the comment above saying that introducing wireless interference is not illegal simply because you are part of the government or government service is incorrect.
^ exactly, its not that they can browse porn (example) on their smartphone. Its that they are bypassing the company internet filtering, connecting the work device to an unsecured network, etc. Your best bet is to lock down the work devices to only be able to connect to specific wifi APs and not allow the users to change these settings. As to warning of these hotspots popping up, yeah the netsh script should be easy enough to setup so that you get a warning and details about the hotspot that is around.
might want to remind your boss that it is better to prevent aids then try to cure the aids breakout over the network.
Ok what I am saying is just because someone works for the government doesn't mean they can just jam cell phone signals. If a jail wants to jam cell phone signals to keep inmates from trying to make outbound calls and smuggling in cell phones, then I'm sure they have proper approval and have done the correct steps to take those actions. But just going "Oh hey I work for the government... <>" doesn't make it legal.
I thought working for the government gave you unlimited power... :-(

It does, through policies :shifty: I think what we can outline here is

YOU can setup the WORK related computers so that they don't connect to someother network.

Link to comment
Share on other sites
Mentor

dvb2000

Posted
Posted
I guess we'll just have to update our IT policy forbidding the use of wireless devices not approved for use by the I.T. Department.

As above, you're wasting your time.

You can only control your own network, and "possibly" any workstations you control by a locked down SOE. If they are using laptops (likely since you mention wifi) then most likely they are "mobile" staff who would be able to connect to wifi access points while they are away from the office, so its impossible for you to lock this down.

Even if not, they would just use their own smartphones/tablets to surf the web and you have ZERO control over their own personal devices.

Unless you're part of the government or a government service (which includes fire and police) in which case it's legal :p

I doubt it, even government departments (or in this case, micro managing, control freak, managers) would need to apply and receive the appropriate communications license to use such devices.

Link to comment
Share on other sites
Mentor

dvb2000

Posted
Posted
The issue is when these people use city owned equipment along with their personal hotspots/smart phones to bypass security we have in place to protect our network.

You need to step back and look at the overall picture then.

Your issue is that you want to protect your network.

Your problem is that employees are bypassing your security because you've locked them out of facebook (or whatever) via your proxy.

Simply put, you need to

1) remove restrictions on your internet gateway, which means YOU can control inbound hacking attacks.

2) publish some policy guidelines as to what can and can not be accessed, and get your users to agree/sign to the terms, and DO NOT block what your users want to access in their down time

3) "monitor" your internet connection, and send the appropriate warnings to the people violating your policy (via their manager). Offenders of "illegal" type content would be given more than a slap on the wrist.

4) don't concern yourself with people accessing gmail, facebook, neowin, WSJ, disney etc. I'd imagine people like firemen would have LOTS of downtime, so they need to occupy themselves somehow!

Link to comment
Share on other sites
Mentor

c.grz

Posted
  • Author
Posted

You need to step back and look at the overall picture then.

Your issue is that you want to protect your network.

Your problem is that employees are bypassing your security because you've locked them out of facebook (or whatever) via your proxy.

Simply put, you need to

1) remove restrictions on your internet gateway, which means YOU can control inbound hacking attacks.

2) publish some policy guidelines as to what can and can not be accessed, and get your users to agree/sign to the terms, and DO NOT block what your users want to access in their down time

3) "monitor" your internet connection, and send the appropriate warnings to the people violating your policy (via their manager). Offenders of "illegal" type content would be given more than a slap on the wrist.

4) don't concern yourself with people accessing gmail, facebook, neowin, WSJ, disney etc. I'd imagine people like firemen would have LOTS of downtime, so they need to occupy themselves somehow!

1) Outside of porn and a few other types of sites, firemen have unfiltered access to the web.

2) Each employee signs a policy when they are hired but like stated earlier by me, we need to update it to include new technologies like hotspots and the like.

3) We do "monitor" our internet connection via our Barracuda, but how would YOU go about monitoring a connection you have no control over or are aware is in use?

4) refer to #1

Right now all the "higher ups" are attempting to do is monitor the situation. They're attempting to do two things, make sure that this is even a problem and if so, to catch people in the act.

Link to comment
Share on other sites
Mentor

c.grz

Posted
  • Author
Posted

What barracuda model do you have? They have a remote filtering option that is built in most models on current firmware.

Also

http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-blackwhite-list-wireless-networks-in-vista-windows-7/

Thanks for the link. We currently have a 310 and a 410v.

Link to comment
Share on other sites
Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

You would have to check the 310 but I know that the 410 does.

http://www.barracudanetworks.com/ns/downloads/Admin_Guides/Barracuda_Web_Filter_AG_5.0.pdf

Should be around page 58. You always have the option to call up support and they will walk you through it. Support is usually really good provided you get them during the day time in west coast time.

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing