+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Network and Classroom Management Thread, Preventing Ipods/blackberries/android connecting to our wireless network in Technical; To my surprise we ran out of IP addresses this morning. On closer inspection It looks like the kids are ...
  1. #1
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,808
    Thank Post
    906
    Thanked 420 Times in 353 Posts
    Blog Entries
    12
    Rep Power
    87

    Preventing Ipods/blackberries/android connecting to our wireless network

    To my surprise we ran out of IP addresses this morning.

    On closer inspection It looks like the kids are connecting their wireless devices to our network and taking up loads of Ips.

    Image1.jpg

    Now I realize that I can't ever keep the wireless key totally secure so I'm looking at different ways to tackle the problem?

    Is there any way to stop names like "ipod" getting a DHCP address?

    What about stopping them getting an address from our managed wireless aruba system?

    Anything I'm missing?

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,039
    Thank Post
    888
    Thanked 1,727 Times in 1,490 Posts
    Blog Entries
    12
    Rep Power
    453
    Now I realize that I can't ever keep the wireless key totally secure
    Why not, only IT support staff know ours.

  3. #3


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,621
    Thank Post
    229
    Thanked 860 Times in 738 Posts
    Rep Power
    297
    theres another thread about this on here atm but basically iirc it boiled down to 2 simple solutions

    if you have 08r2 server you can add the device to a block list by right clicking its lease and add to filter deny

    if you dont have 08 r2 give it a reserved ip in a silly range so say 99.99.99.101

  4. #4

    Join Date
    Mar 2010
    Posts
    26
    Thank Post
    0
    Thanked 8 Times in 2 Posts
    Rep Power
    13
    Microsoft provides some helpful guides to ensure that only domain member clients are logging onto your network. Try the link below:

    Securing Wireless LANs with PEAP and Passwords

  5. #5
    Iain's Avatar
    Join Date
    Oct 2006
    Location
    Warwickshire
    Posts
    188
    Thank Post
    28
    Thanked 93 Times in 53 Posts
    Rep Power
    32
    Take a look at some kind of Network Access Control, such as Microsoft's NAP (Network Access Protection), or PacketFence (PacketFence: Open Source NAC (Network Access Control))

    Iain.

  6. #6
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,808
    Thank Post
    906
    Thanked 420 Times in 353 Posts
    Blog Entries
    12
    Rep Power
    87
    Thanks for all the advice, It was surprisingly easy with the Microsoft macfilter DLL

    I'll write a blog post about it later.

    This method is a little tedious but gives me lots of control over who connects to the network.

  7. #7
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,808
    Thank Post
    906
    Thanked 420 Times in 353 Posts
    Blog Entries
    12
    Rep Power
    87
    Quote Originally Posted by FN-GM View Post
    Why not, only IT support staff know ours.
    The kids have obviously found a way to get it. I'd imagine they simply use wirelesskeyview.exe on any client in the school.

    It tells you the wireless key right away, there's no way I could stop that happening easily.

  8. Thanks to zag from:

    SimpleSi (10th November 2010)

  9. #8

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,039
    Thank Post
    888
    Thanked 1,727 Times in 1,490 Posts
    Blog Entries
    12
    Rep Power
    453
    Quote Originally Posted by zag View Post
    The kids have obviously found a way to get it. I'd imagine they simply use wirelesskeyview.exe on any client in the school.

    It tells you the wireless key right away, there's no way I could stop that happening easily.
    what type of key are you using?

  10. #9
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,808
    Thank Post
    906
    Thanked 420 Times in 353 Posts
    Blog Entries
    12
    Rep Power
    87
    Quote Originally Posted by FN-GM View Post
    what type of key are you using?
    WPA2.

    That utility doesn't crack it though.

    It simply reads the key from the windows registry on any client that has it stored.

  11. #10

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    12,026
    Thank Post
    1,631
    Thanked 1,920 Times in 1,419 Posts
    Blog Entries
    2
    Rep Power
    434
    MAC Address block them all, that way they will never be able to connect

  12. #11
    Hedghog's Avatar
    Join Date
    Jul 2006
    Location
    North Wales
    Posts
    194
    Thank Post
    35
    Thanked 17 Times in 16 Posts
    Rep Power
    37
    Yes - as nephilim has said mac address filter - I use a white list (only devices registered with me) on the access points. Unauthorised clients just fail to associate.

  13. #12
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    895
    Thank Post
    84
    Thanked 235 Times in 194 Posts
    Rep Power
    82
    It tells you the wireless key right away, there's no way I could stop that happening easily.
    Unless you have an uptodate version of Sophos, which blocks it as "adware/PUA 'NirSoft'"

    What about stopping them getting an address from our managed wireless aruba system?

    Anything I'm missing?
    Surely on a managed system the security should be dealt with by AD via PEAP etc anyways...? Sounds like the system hasn't been configured correctly. Our Trapeze system only allows domain members access, and only if those members are within a specific machine group.

    Here, even the IT Support team don't know the wireless key...!

  14. #13

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,039
    Thank Post
    888
    Thanked 1,727 Times in 1,490 Posts
    Blog Entries
    12
    Rep Power
    453
    Quote Originally Posted by zag View Post
    WPA2.

    That utility doesn't crack it though.

    It simply reads the key from the windows registry on any client that has it stored.
    Well i would block the students from running .exe file (loads of threads on here about it) Once you have done that change your key.

  15. #14
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,808
    Thank Post
    906
    Thanked 420 Times in 353 Posts
    Blog Entries
    12
    Rep Power
    87
    Thanks for the suggestions, definitely going to look at banning wirelesskey.exe to stop the problem at cause as well.

    Blog post.

    http://www.edugeek.net/blogs/zag/533...l-network.html

  16. #15

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,039
    Thank Post
    888
    Thanked 1,727 Times in 1,490 Posts
    Blog Entries
    12
    Rep Power
    453
    Also if your running out of IP's change your lease time this will help. Ours is set to 8 hours.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 22
    Last Post: 30th March 2011, 01:44 PM
  2. Connecting to Exchange (SBS2003) by iPhone & Android. Strange problem.
    By Number6 in forum Netbooks, PDA and Phones
    Replies: 18
    Last Post: 9th October 2010, 04:17 PM
  3. Replies: 5
    Last Post: 2nd April 2009, 06:51 PM
  4. Connecting ASUS eee to a wireless network
    By srochford in forum Wireless Networks
    Replies: 1
    Last Post: 22nd April 2008, 11:48 AM
  5. Connecting to wireless on DOMAIN
    By johnkay21 in forum Windows
    Replies: 11
    Last Post: 5th July 2007, 01:33 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •