Me again! Any help will be much appreciated.
Down in our 6th form area in school we are allowing students to use their own laptops to connect to our wireless point to browse the internet.
There seem to be a lot of things that are accessible which definitely should not be.
For example a student connects their own laptop to said wireless point and can open explorer and type \\servername (authentication prompt comes up but allows the student to connect with their domain\username and password) and view certain shares, even worse - \\pcname – the student can view shares and printers, add one and print something.
Although it is unlikely they would know the names of our servers/PCs, it is still a small security issue that I'd like to close.
The access point that is currently installed has been set up with a static IP address and has its gateway set to our firewall server. The firewall has a rule in place to only allow HTTP traffic from this source and deny everything else.
Even with this rule set, the students can still access shares and printers. Is there a better way to lock it down so that they only have access to browse the internet?
Thanks in advance

The default gateway is only used when traffic is destined for another network so that's why they can still access your shares etc...
Ben
The most secure way to set it up would be to only let them connect with an access point that would be connected to a DMZ port on your firewall. That way they would not be connected to your network at all.
A workaround could be to set up a second SSID for the guest account and only direct that traffic to the gateway. Not sure if that could work or not.
I would suggest using a VLAN for the wireless connections, and firewalling that from the rest of the network, otherwise wireless users have full access to your network from unmanaged devices.
By the sound of it you already have firewall rules in place, you just need to funnel the data to the firewall.
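Added example, not part of the thread: a small Python model of the routing decision the replies describe, showing why the HTTP-only firewall rule never sees traffic to shares on the same subnet and does see it once the wireless clients sit on their own VLAN/subnet. All addresses are constructed, and the model assumes the firewall is the only router between the wireless subnet and everything else.

```python
import ipaddress

HTTP_ONLY = {80}  # the thread's firewall rule: allow HTTP, deny everything else

def next_hop(client_if: str, gateway: str, dest: str) -> str:
    """Model the client's routing decision for one destination.

    A host sends directly (ARP, layer 2) to anything inside its own
    subnet and uses the default gateway only for other networks.
    """
    iface = ipaddress.ip_interface(client_if)
    if ipaddress.ip_address(dest) in iface.network:
        return "on-link"
    return str(ipaddress.ip_address(gateway))

def verdict(client_if: str, gateway: str, dest: str, port: int) -> str:
    """What happens to a connection, given the firewall is the gateway."""
    if next_hop(client_if, gateway, dest) == "on-link":
        return "bypasses firewall"  # the rule is never evaluated
    return "allowed" if port in HTTP_ONLY else "denied"

# Constructed sample addressing (assumptions, not from the thread).
FLAT = ("192.168.1.150/24", "192.168.1.1")    # laptop shares the server subnet
VLAN = ("192.168.50.150/24", "192.168.50.1")  # laptop on a separate wireless VLAN
FILE_SERVER = "192.168.1.10"                  # internal host offering SMB shares
WEB_SITE = "203.0.113.10"                     # external site (documentation range)

def report():
    """Return (layout, destination, port, verdict) for each test connection."""
    rows = []
    for label, (client, gw) in (("flat", FLAT), ("vlan", VLAN)):
        for dest, port in ((FILE_SERVER, 445), (WEB_SITE, 80)):
            rows.append((label, dest, port, verdict(client, gw, dest, port)))
    return rows

if __name__ == "__main__":
    for label, dest, port, result in report():
        print(f"{label:5} -> {dest}:{port:<4} {result}")
```
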