Q

Limiting Internet access from a wireless LAN

This Content Component encountered an error

We have an NT network in a school running DHCP, class B. My question is: How can I stop anybody from just plugging in a laptop and receiving access to the Internet, etc.? This problem will be made worse, as we are about to add a wireless LAN to complement our wired LAN. Is it possible for anyone who logs on via the WLAN to be forced to use a thin client session?


The first way is through physical security and preventing just anyone from plugging in. Given the school environment, that may or may not be possible. The second way is to have a firewall that only allows outbound access for authenticated users of your domain. That way if someone plugs in a laptop that is not part of your domain and cannot supply the necessary username and password to login to the network, the firewall will prevent outbound access.

For a wireless LAN, you should be using products that feature the "wired equivalent privacy" (WEP) or other encryption scheme. This limits access to only those users who have the current key. In addition, there are wireless LAN products that incorporate station authentication to allow you to further lock down access. Once the station has gained access, the user will still have to be able to log in to your domain to get past the firewall described above.

While I would still use WEP, note that WEP is no longer considered secure, as there are some well known vulnerabilities and exploits. I recommend the use of a VPN, as well.


This was first published in April 2001

Dig deeper on Wireless LAN Design and Setup

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close