Most companies are not doing anything about this, though you are rightfully concerned. What I've recommended to companies that I have provided consulting for is the following:
- Disable wall jacks that do not have anything connected. System Administrators on duty can re-enable them as needed.
- Set up conference rooms with two sets of jacks; one set connected to the network inside the firewall, one set outside the firewall. This allows visitors to connect to the Net to do presentations without accessing the corporate network. It also allows internal presentations to be held in the same room while using the corporate network.
- Visitors that need to have access to the Net but also need protection by your firewall must connect only on a special subnet behind the firewall that is restricted for use by visitors. This subnet can connect to the outside, but not to any of the other internal subnets.
These restrictions limit the damage to either outside your firewall, or to a subnet that only visitors use. It prevents damage to your corporate resources.
For more information on this topic, visit these other SearchSecurity.com resources:
This was first published in March 2003