Wireless Networks Thread, Shares and Network devices visibility... in Technical; Me Again! any help will be much appreciated
Down in our 6th form area in school we are allowing students ...
4th November 2009, 02:39 PM #1
Shares and Network devices visibility...
Me Again! any help will be much appreciated
Down in our 6th form area in school we are allowing students to use their own laptops to connect to our wireless point to browse the internet.
There seems to be a lot of things that are accessible which definitely should not be.
For example a student connects their own laptop to said wireless point and can open explorer and type \\servername (authentication prompt comes up but allows the student to connect with their domain\username and password) and view certain shares, even worse - \\pcname – the student can view shares and printers, add one and print something.
Although it is unlikely they would know the names of our servers/PC’s it is still a small security issue that id like to close.
The access point that is currently installed has been set up with a static IP address and has its gateway set to our firewall server. The firewall has a rule in place to only allow HTTP traffic from this source and deny everything else.
Even with this rule set, the students can still access shares and printers. Is there a better way to lock it down so that they only have access to browse the internet?
Thanks in advance
IDG Tech News
4th November 2009, 03:26 PM #2
The default gateway is only used when traffic is destined for another network so that's why they can still access your shares etc...
4th November 2009, 03:40 PM #3
- Rep Power
The most secure way to set it up would be to only let them connect with an Access point that would be connected to a DMZ port on your firewall. That way they would not be connected to your network at all.
A work around could be to setup a second SSID for the guest account and only direct that traffic to the gateway. Not sure if that could work or not.
4th November 2009, 03:53 PM #4
I would suggest using a vlan for the wireless connections, and firewalling that from the rest of the network, otherwise wireless users have full access to your network from unmanaged devices.
By the sound of it you already have firewall rules in place, you just need to funnel the data to the firewall.
By DSapseid in forum Windows
Last Post: 12th October 2009, 02:33 PM
By joe90bass in forum How do you do....it?
Last Post: 13th February 2009, 01:33 PM
By Blind in forum Scripts
Last Post: 21st April 2008, 12:03 PM
By MK-2 in forum Wireless Networks
Last Post: 15th January 2008, 09:58 AM
By darknova in forum Virtual Learning Platforms
Last Post: 28th November 2007, 04:55 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)