We have an NT network in a school running DHCP, class B. My question is: How can I stop anybody from just plugging in a laptop and receiving access to the Internet, etc.? This problem will be made worse, as we are about to add a wireless LAN to complement our wired LAN. Is it possible for anyone who logs on via the WLAN to be forced to use a thin client session?
The first way is through physical security and preventing just anyone from plugging in. Given the school environment, that may or may not be possible. The second way is to have a firewall that only allows outbound access for authenticated users of your domain. That way, if someone plugs in a laptop that is not part of your domain and cannot supply the necessary username and password to log in to the network, the firewall will prevent outbound access.
For a wireless LAN, you should be using products that feature the "wired equivalent privacy" (WEP) or another encryption scheme. This limits access to only those users who have the current key. In addition, there are wireless LAN products that incorporate station authentication to allow you to further lock down access. Once the station has gained access, the user will still have to be able to log in to your domain to get past the firewall described above.
While I would still use WEP, note that WEP is no longer considered secure, as there are some well-known vulnerabilities and exploits. I recommend the use of a VPN, as well.