Hiding Wireless Key
I learnt something new, that you can actually see what wireless key has been entered on your PC by going to the wireless profile's properties, then to the security tab, and then ticking "show characters". I was stunned that MS allow you to do this, and as per my other thread this was how some students got hold of our wireless key.
The only method I can find to prevent this via GP is defined in a response here (albeit for Windows Vista, so may not work) How to Disable function "Show Character" in wireless connection?
Does anyone know of another mechanism for doing this?
Use some proper enterprise security?
Is that the likes of Radius? Beyond me technically, but I can refer to a consultant.
Yep, that's the site I linked to above. Seems slightly heavy handed, so just checking there's not something a little more elegant GP-wise.
I thought you had to me an Admin to tick that box. I'm not at a computer I can check at the moment.
Don't rely on hiding the PSK from the network settings alone.
There are dozens of simple utilities to pull this information from the registry (XP) or System XML file (Win 7/8) unless your management, security and policies are tight enough.
A simple switchblade type exploit can get this data (along with a whole lot more) normally staff logins or teachers PCs are even better targets if they have been given local admin rights.
Even if you lock the system down tight with system policies a quick reboot, F10 or F12 for the boot menu and select boot from CD or USB to any of a dozen well chosen tools will get this information from the hive. They don't even do a good job of encrypting it.
Do not under estimate the resourcefulness of your kids, even the stupid ones can look over the shoulder of their teacher and clock a password!
At the end of the day your response needs to match that of the threat, if you have kids that have opportunity and motive to access your LAN using unauthorised devices then a PSK alone is not the way to do it.
This explains the principles well enough.
My woopsie! Had a bit of a nap since and can see I just repeated your link! ;)
Originally Posted by WEPHack
I've checked, and you do. The faux pas was that this particular teacher had been given local admin privileges to install some software. Lesson learned.
Originally Posted by ADMaster
m25man: I think when we renew the wireless, hopefully next April, we will get some expert consultancy to ensure we choose something suitably secure. For now we'll have to go with WPA, if the infrastructure/devices are up to it...