Ask the Expert

Limiting Internet access from a wireless LAN

We have an NT network in a school running DHCP, class B. My question is: How can I stop anybody from just plugging in a laptop and receiving access to the Internet, etc.? This problem will be made worse, as we are about to add a wireless LAN to complement our wired LAN. Is it possible for anyone who logs on via the WLAN to be forced to use a thin client session?


    Requires Free Membership to View

The first way is through physical security and preventing just anyone from plugging in. Given the school environment, that may or may not be possible. The second way is to have a firewall that only allows outbound access for authenticated users of your domain. That way if someone plugs in a laptop that is not part of your domain and cannot supply the necessary username and password to login to the network, the firewall will prevent outbound access.

For a wireless LAN, you should be using products that feature the "wired equivalent privacy" (WEP) or other encryption scheme. This limits access to only those users who have the current key. In addition, there are wireless LAN products that incorporate station authentication to allow you to further lock down access. Once the station has gained access, the user will still have to be able to log in to your domain to get past the firewall described above.

While I would still use WEP, note that WEP is no longer considered secure, as there are some well known vulnerabilities and exploits. I recommend the use of a VPN, as well.


This was first published in April 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: