+ Post New Thread
Results 1 to 4 of 4
Wireless Networks Thread, Shares and Network devices visibility... in Technical; ...
  1. #1
    Ben-BSH's Avatar
    Join Date
    Jun 2009
    Location
    UK
    Posts
    214
    Thank Post
    91
    Thanked 34 Times in 26 Posts
    Rep Power
    22

    Shares and Network devices visibility...

    Me Again! any help will be much appreciated

    Down in our 6th form area in school we are allowing students to use their own laptops to connect to our wireless point to browse the internet.

    There seems to be a lot of things that are accessible which definitely should not be.

    For example a student connects their own laptop to said wireless point and can open explorer and type \\servername (authentication prompt comes up but allows the student to connect with their domain\username and password) and view certain shares, even worse - \\pcname – the student can view shares and printers, add one and print something.

    Although it is unlikely they would know the names of our servers/PC’s it is still a small security issue that id like to close.

    The access point that is currently installed has been set up with a static IP address and has its gateway set to our firewall server. The firewall has a rule in place to only allow HTTP traffic from this source and deny everything else.

    Even with this rule set, the students can still access shares and printers. Is there a better way to lock it down so that they only have access to browse the internet?

    Thanks in advance

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,258
    Thank Post
    671
    Thanked 1,644 Times in 1,466 Posts
    Rep Power
    424
    The default gateway is only used when traffic is destined for another network so that's why they can still access your shares etc...

    Ben

  3. #3

    Join Date
    Nov 2009
    Posts
    54
    Thank Post
    3
    Thanked 12 Times in 12 Posts
    Rep Power
    12
    The most secure way to set it up would be to only let them connect with an Access point that would be connected to a DMZ port on your firewall. That way they would not be connected to your network at all.
    A work around could be to setup a second SSID for the guest account and only direct that traffic to the gateway. Not sure if that could work or not.

  4. #4
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    537
    Thank Post
    177
    Thanked 130 Times in 109 Posts
    Blog Entries
    1
    Rep Power
    48
    I would suggest using a vlan for the wireless connections, and firewalling that from the rest of the network, otherwise wireless users have full access to your network from unmanaged devices.

    By the sound of it you already have firewall rules in place, you just need to funnel the data to the firewall.

SHARE:
+ Post New Thread

Similar Threads

  1. Cannot access network shares
    By DSapseid in forum Windows
    Replies: 12
    Last Post: 12th October 2009, 01:33 PM
  2. Stream live video to multiple devices across network
    By joe90bass in forum How do you do....it?
    Replies: 10
    Last Post: 13th February 2009, 12:33 PM
  3. Script visibility after login
    By Blind in forum Scripts
    Replies: 5
    Last Post: 21st April 2008, 11:03 AM
  4. PDA (yet again) accessing network shares
    By MK-2 in forum Wireless Networks
    Replies: 0
    Last Post: 15th January 2008, 08:58 AM
  5. Moodle + Access network Shares
    By darknova in forum Virtual Learning Platforms
    Replies: 4
    Last Post: 28th November 2007, 03:55 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •