Travel Technology - Corporate crippled wi-fi on my laptop




MileageAddict
Apr 26, 05, 7:28 pm
I work for a company that is very paranoid about internet security. The internal wi-fi device in my laptop has been disabled but I was allowed to purchase and expense a wi-fi card and have the admin set it to work strictly with my home network.

If I go anywhere with my laptop, I can connect via cable but the wi-fi card will not work. Sadly, it is getting harder to find hotels that offer LAN service as they are all going to wi-fi.

Is there any way to override the admin setting so I can use my wi-fi card as I please?

Believe it or not, this is a company in the top 50 of the Fortune 500! :mad:


wetkarma
Apr 26, 05, 7:43 pm
There is a way to override the setting but it might be more trouble to you than it's worth.

First let me suggest that depending on how the laptop is secured you might be able to simply buy a usb based wireless card and simply plug-in that card into an available usb port to obtain a connection. Many companies will still allow "secured" laptops to connect to usb devices.

If the laptop cannot be connected to usb devices, then you will have to boot the computer using a different operating system in order to take advantage of the wireless network. This is not a simple procedure but if you do install a parallel OS, you can boot that operating system whenever you wish to use your wireless card.

fisherman
Apr 26, 05, 7:45 pm
This bootdisk (http://home.eunet.no/~pnordahl/ntpasswd/) will set you free. Everyone should carry this in their travel bag. :)

Promote yourself to an administrator; you deserve it.


dlnewbie
Apr 26, 05, 7:59 pm
This bootdisk (http://home.eunet.no/~pnordahl/ntpasswd/) will set you free. Everyone should carry this in their travel bag. :)

Promote yourself to an administrator; you deserve it.

fisherman, I've used that utility a number of times at work for various reasons, and it is a great little utility.

birdstrike
Apr 26, 05, 8:39 pm
Hmmm.. what if you just re-install the software that came with the WiFi card?

If IT kept the disk, you can always get the software from the manufacturer's site.

cordelli
Apr 26, 05, 9:28 pm
Try the USB wireless, that may work. It wouldn't at my place, the users can't install any USB devices, wireless cards, or anything else, but your guys may not have locked down USB, most people don't.


Another option is to forgo the wireless on the laptop entirely (let them lock it down, we don't care) and get one of the many wired to wireless ethernet bridges out there like this one from linksys

http://www.linksys.com/products/product.asp?grid=33&scid=36&prid=603

Plug your ethernet cable into it, configure the device, and poof you are wireless through your wired ethernet port. No drivers whatsoever on the computer, to the laptop it's just a wired network. May take some fiddling with the settings, but it will work and show those IT people.

winkydink
Apr 26, 05, 10:13 pm
This bootdisk (http://home.eunet.no/~pnordahl/ntpasswd/) will set you free. Everyone should carry this in their travel bag. :)

Promote yourself to an administrator; you deserve it.

I have a feeling that if they have made changes so you cannot use usb devices, they are probably smart enough to lock the bios in such a way as to keep you from booting from an external disk.

security and convenience are inversely proportional.

I fail to understand why your corp ITSec folks think that plugging into a foreign wired enet is somehow more secure than a wireless one. If it was me, I'd appeal (most security policies have a formal method for requesting exceptions), but I've been labelled a troublemaker in the past. :)

windwalker
Apr 26, 05, 10:38 pm
How did they disable it?
through the BIOS?
have you tried booting to your bios? f1, esc, f12, etc-when powering up

Pyg
Apr 26, 05, 11:33 pm
I work for a company that is very paranoid about internet security. The internal wi-fi device in my laptop has been disabled but I was allowed to purchase and expense a wi-fi card and have the admin set it to work strictly with my home network.

If I go anywhere with my laptop, I can connect via cable but the wi-fi card will not work. Sadly, it is getting harder to find hotels that offer LAN service as they are all going to wi-fi.

Is there any way to override the admin setting so I can use my wi-fi card as I please?

Believe it or not, this is a company in the top 50 of the Fortune 500! :mad:


I feel your pain and don't want to rain on your parade but be advised that if your company ever finds out you went wireless with your laptop... you could be looking for a new job.

BTW, only the GOOD companies are paranoid about wireless and they have reason to be. ;)

MileageAddict
Apr 27, 05, 12:59 pm
I feel your pain and don't want to rain on your parade but be advised that if your company ever finds out you went wireless with your laptop... you could be looking for a new job.

BTW, only the GOOD companies are paranoid about wireless and they have reason to be. ;)

I've been reading the responses with great interest and appreciate all the suggestions. However, when push comes to shove, Pyg has the right attitude. My job security is more important than being able to do Flyertalk chat while on the road!

Pyg
Apr 27, 05, 1:10 pm
I've been reading the responses with great interest and appreciate all the suggestions. However, when push comes to shove, Pyg has the right attitude. My job security is more important than being able to do Flyertalk chat while on the road!

Don't give up hope yet! Ask around and find out what the penalty is for going wireless. It may be a "don't ask don't tell" type policy or it could be something extremely severe. If it turns out to be a slap on the wrist, the ethernet wireless bridge might be the way to go.

You could always purchase an old laptop, PDA/PPC, even a blackberry that supports web browsing to take with you on trips so you can go wireless. You can probably get an older model laptop pretty cheap if all you need is web and email capabilities.

Darren
Apr 27, 05, 1:44 pm
I feel your pain and don't want to rain on your parade but be advised that if your company ever finds out you went wireless with your laptop... you could be looking for a new job.

BTW, only the GOOD companies are paranoid about wireless and they have reason to be. ;)

Couldn't have said it better. Sister of a good friend is a security specialist in Boston. She was at a customer (bank) which set up a wireless system. The manager told her that it was secure and there was no way she could get in. 20 mins later he shut the system off.

winkydink
Apr 27, 05, 2:49 pm
How did they disable it?
through the BIOS?
have you tried booting to your bios? f1, esc, f12, etc-when powering up

booting to the bios can be prevented with a password.

Jet'Dillo
Apr 27, 05, 3:12 pm
I feel your pain and don't want to rain on your parade but be advised that if your company ever finds out you went wireless with your laptop... you could be looking for a new job.

BTW, only the GOOD companies are paranoid about wireless and they have reason to be. ;)

Perhaps, but the BETTER ones develop sensible policies regarding the use of wireless or ANY technology. Banning something or blanket turning it off doesn't take much brains or sense. Figuring out a way to use it that gives end users the benefits of the technology while securing assets and resources from unnecessary risk does.

Jet'Dillo
Apr 27, 05, 3:28 pm
I work for a company that is very paranoid about internet security. The internal wi-fi device in my laptop has been disabled but I was allowed to purchase and expense a wi-fi card and have the admin set it to work strictly with my home network.

If I go anywhere with my laptop, I can connect via cable but the wi-fi card will not work. Sadly, it is getting harder to find hotels that offer LAN service as they are all going to wi-fi.

Is there any way to override the admin setting so I can use my wi-fi card as I please?

Believe it or not, this is a company in the top 50 of the Fortune 500! :mad:

There are ways and ways again to get around this and other restrictions that they have no doubt set up on your laptop.

You just have to ask yourself if it's worth the risk being found out that you've been doing this. Unless, in addition to your many other fine talents, you are an experienced, expert administrator of the OS your laptop uses(XP or some other flavor of 'doze I'm going to assume), chances are that they will find out sooner rather than later.

windwalker
Apr 27, 05, 3:33 pm
booting to the bios can be prevented with a password.

not if you remove the cmos battery ;)
or if they just perhaps forgot to put one on there

Pyg
Apr 27, 05, 4:04 pm
Perhaps, but the BETTER ones develop sensible policies regarding the use of wireless or ANY technology. Banning something or blanket turning it off doesn't take much brains or sense. Figuring out a way to use it that gives end users the benefits of the technology while securing assets and resources from unnecessary risk does.

FYI... Wireless is NOT secure (see teaser and link below for just one example). When it comes to sensitive information there is no way I'd take the chance of putting that information in the air. Using a VPN with wireless is about as secure as it gets and even that's not foolproof.

Here's a teaser...

"Millions of wireless access points are spread across the US and the world. About 70% percent of these access points are unprotected—wide open to access by anyone who happens to drive by. The other 30% are protected by WEP (Wired Equivalent Privacy) and a small handful are protected by the new WPA (Wi-Fi Protected Access) standard."

http://www.tomsnetworking.com/Sections-article111.php

If you read the entire article you will notice that one of the ways to secure your wireless network is...

"5) Turn off the WLAN when not in use
A $5 lamp timer from your local hardware store is a simple, but effective way to keep your WLAN or LAN from harm while you're sleeping."

Use a lamp timer?? Yeah that'll make the CEO of the fortune 50 sleep better at night. :D

swanscn
Apr 27, 05, 4:31 pm
I work for a technology company that also has a policy against wireless access. They also disabled the wireless connectivity on our notebooks. What is really interesting is that we do not run a wireless network on our campus. So what were they protecting themselves from? We also use a VPN for all connectivity that is the first thing you need to sign on to to boot your PC. What ended up happening is some realized that wireless connectivity outside of the campus was a productive thing and we got it back. Then again these are the same individuals who thought Reply All was the reason we spent so much time on email. They removed Reply All and now all of us put it back with a registry hack.
So maybe the IS Nazis in my company are actually worse than yours. :cool:

winkydink
Apr 27, 05, 5:22 pm
FYI... Wireless is NOT secure (see teaser and link below for just one example). When it comes to sensitive information there is no way I'd take the chance of putting that information in the air. Using a VPN with wireless is about as secure as it gets and even that's not foolproof.

Here's a teaser...

"Millions of wireless access points are spread across the US and the world. About 70% percent of these access points are unprotected—wide open to access by anyone who happens to drive by. The other 30% are protected by WEP (Wired Equivalent Privacy) and a small handful are protected by the new WPA (Wi-Fi Protected Access) standard."

http://www.tomsnetworking.com/Sections-article111.php

If you read the entire article you will notice that one of the ways to secure your wireless network is...

"5) Turn off the WLAN when not in use
A $5 lamp timer from your local hardware store is a simple, but effective way to keep your WLAN or LAN from harm while you're sleeping."

Use a lamp timer?? Yeah that'll make the CEO of the fortune 50 sleep better at night. :D

The article is about how WEP encryption is not secure. In the conclusions, in #3 (which you skipped), it says:

3) Use WPA with a strong key
WPA is a definite improvement over WEP in providing wireless security. But the version intended for home and SOHO use—WPA-PSK—has a weakness shared by any passphrase security mechanism. The choice of simple, common and short passphrases may allow your WPA-protected WLAN to be quickly compromised via dictionary attack (more info here).


I'd defy you to defeat strong-key WPA used in conjunction with a MAC address ACL. A Fortune 50 company should know how to implement this. If not, I'm available for consulting at reasonable (if you're a Fortune 50 :) ) rates.

H2O_Goalie
Apr 27, 05, 5:51 pm
Another IT geek opinion here:

There are valid reasons to "lock down" a laptop that might contain private company data. Having said that...

It sounds like the onboard wireless device has been disabled in the BIOS, so you're screwed there. But since you have the PCMCIA card...you're in luck.

Download and burn a copy of Knoppix. It's a "live" Linux CD...that is, a bootable CD which contains a complete Linux system. I use it with laptops all the time. Chances are it will recognize your wireless PC Card and allow you to configure it to use whatever network is handy.

The great thing is that the entire show runs on RAM...it never touches your hard disk...so sensitive files, etc. are secure (OK...as secure as anything can be).

You should be able to get on your way at www.knopper.net. If you're not particularly tech-savvy it may take you some time to get things rolling, but honestly it's not that hard. You should be able to figure things out quickly and get yourself up and running.

H2O_Goalie
Apr 27, 05, 5:56 pm
The article is about how WEP encryption is not secure. In the conclusions, in #3 (which you skipped), it says:

3) Use WPA with a strong key
WPA is a definite improvement over WEP in providing wireless security. But the version intended for home and SOHO use—WPA-PSK—has a weakness shared by any passphrase security mechanism. The choice of simple, common and short passphrases may allow your WPA-protected WLAN to be quickly compromised via dictionary attack (more info here).


I'd defy you to defeat strong-key WPA used in conjunction with a MAC address ACL. A Fortune 50 company should know how to implement this. If not, I'm available for consulting at reasonable (if you're a Fortune 50 :) ) rates.

Secure your wireless:
1. Turn off the "beacon".
2. Change the default SSID to something unique.
3. Use WPA-PSK, make sure the key contains metacharacters and numbers.
4. Use the MAC address ACL.
5. Change #'s 2 and 3 on a monthly basis (if not more often).
6. Change the default password on your AP.

Is this 100% secure? No...but it's close. At this point, there are so many unsecured APs and WLANs out there that if yours is even remotely secure most hackers will just move on to one that isn't.
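
An added example (not part of the thread, and not any poster's code): the WPA-PSK key derivation behind items 2 and 3 of the list above. It shows that the SSID acts as the salt, which is why a default SSID weakens the key, and it flags the short, common passphrases that the quoted article says fall to a dictionary attack. The word list, the default-SSID list and the 80-bit threshold are constructed assumptions.

```python
import hashlib
import math
import string

# Constructed sample of weak choices; a real audit would use a much larger list.
COMMON_PASSPHRASES = {"password", "12345678", "linksys1", "wireless"}
# Constructed sample of factory-default SSIDs (assumption for illustration).
DEFAULT_SSIDS = {"linksys", "default", "NETGEAR"}


def derive_psk(passphrase, ssid):
    """WPA-PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()


def estimate_bits(passphrase):
    """Upper-bound entropy estimate from the character classes actually used."""
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(c in string.punctuation + " " for c in passphrase):
        pool += 33
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit(passphrase, ssid, min_bits=80.0):
    """Return a list of findings for an AP's SSID and passphrase (empty = pass)."""
    findings = []
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("passphrase is on the common-passphrase list")
    if ssid in DEFAULT_SSIDS:
        findings.append("default SSID: the salt is shared with many other APs")
    bits = estimate_bits(passphrase)
    if bits < min_bits:
        findings.append("estimated %.0f bits, below the %.0f-bit threshold" % (bits, min_bits))
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID, different key: the SSID is the salt.
    for ssid in ("linksys", "harbor-view-5g-lab"):
        print(ssid, derive_psk("password", ssid)[:16], audit("password", ssid))
    print(audit("t7#Qz!9vLp@2xR&m", "harbor-view-5g-lab"))
```

The entropy figure is an upper bound: it assumes every character was chosen at random, so a passphrase built from dictionary words scores higher here than it deserves.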

Pyg
Apr 27, 05, 6:09 pm
The article is about how WEP encryption is not secure. In the conclusions, in #3 (which you skipped), it says:

3) Use WPA with a strong key
WPA is a definite improvement over WEP in providing wireless security. But the version intended for home and SOHO use—WPA-PSK—has a weakness shared by any passphrase security mechanism. The choice of simple, common and short passphrases may allow your WPA-protected WLAN to be quickly compromised via dictionary attack (more info here).


I'd defy you to defeat strong-key WPA used in conjunction with a MAC address ACL. A Fortune 50 company should know how to implement this. If not, I'm available for consulting at reasonable (if you're a Fortune 50 :) ) rates.

Show me a hotel with WPA and MAC address ACL first. The hospitality industry doesn't go for secure... they go for CHEAP.

Should we get into rogue APs and overpowering the legitimate signal? There is more than one way to get information.

Pyg
Apr 27, 05, 6:12 pm
Secure your wireless:
1. Turn off the "beacon".
2. Change the default SSID to something unique.
3. Use WPA-PSK, make sure the key contains metacharacters and numbers.
4. Use the MAC address ACL.
5. Change #'s 2 and 3 on a monthly basis (if not more often).
6. Change the default password on your AP.

Is this 100% secure? No...but it's close. At this point, there are so many unsecured APs and WLANs out there that if yours is even remotely secure most hackers will just move on to one that isn't.


Yeah you can lock it down so tight even the guests can't get online. :) However, these are great tips for the home user.

H2O_Goalie
Apr 27, 05, 6:19 pm
Well, I know it doesn't keep people from "sniffing" (heck, I have the software to do it)...but in a slightly different vein have you seen the hotels that are now requiring one-time passwords to access their wireless networks? Almost every Marriott I've stayed at in the last 3 months has been using this system. I asked around...they got tired of sharing their bandwidth.

It's only a matter of time before they start securing their networks.

Back to the original subject...most hotels I've seen with wireless networks do offer a limited number of wired "bridges" for use by guests without wireless cards...so that's always an option. Companies have accepted some level of risk by merely allowing folks to go remote...once they're off the intranet, users should be assumed to be unsecure. If someone wants the data badly enough, they're going to get it.

Pyg
Apr 27, 05, 6:38 pm
Well, I know it doesn't keep people from "sniffing" (heck, I have the software to do it)...but in a slightly different vein have you seen the hotels that are now requiring one-time passwords to access their wireless networks? Almost every Marriott I've stayed at in the last 3 months has been using this system. I asked around...they got tired of sharing their bandwidth.

It's only a matter of time before they start securing their networks.

Back to the original subject...most hotels I've seen with wireless networks do offer a limited number of wired "bridges" for use by guests without wireless cards...so that's always an option. Companies have accepted some level of risk by merely allowing folks to go remote...once they're off the intranet, users should be assumed to be unsecure. If someone wants the data badly enough, they're going to get it.


Yeah I have seen an increase in the user/pass system. Funny how it wasn't their guest's security that got them to implement the change, it was the idea that they were giving away FREE signal.

I SWEAR this is true...

I installed an HSIA system at a hotel (outdoor entrance generation one) in Georgia. When the job was complete, and after I had tested the property I noticed that the general manager was walking around with his laptop. No big deal, I prefer to know if there are problems with signal levels. However, I witnessed this GM in his dress slacks and leather shoes get down on his hands and knees and crawl through the bushes to the parking lot of the hotel next door. He snuck up next to the building and held his laptop up to the guestroom window and surfed the Net. He came back telling me how concerned he was because he was getting one bar of signal at that hotel. I hope he didn't catch me rolling my eyes at him...

winkydink
Apr 27, 05, 8:07 pm
Show me a hotel with WPA and MAC address ACL first. The hospitality industry doesn't go for secure... they go for CHEAP.

Should we get into rogue APs and overpowering the legitimate signal? There is more than one way to get information.


SSL or IPSec should be required for all corporate access. Not doing so in today's world borders on criminal.

vincom
Apr 27, 05, 10:12 pm
As an IT Consultant and one who has set up laptops and desktops with restricted access to certain options and settings, I can understand they locked your laptop for a reason.

Before you try and alter - bear in mind doing so may violate company policy and could result in some sort of punishment or whatever. My one client has a policy (to make it short) if you screw with company owned technology you may be fired.

Think about it...

-Vincent

chichow
Apr 28, 05, 4:21 am
All of these suggestions are great (from Knoppix to Corporate policies, etc.), but we have to keep in mind the OP's intended usage and computer savvy?

Is he trying to access corporate email using the wired connection? Is he a cmd-line fellow?

Risk Analysis:

Ok. So the company that I work for is also Fortune 500. We do allow wireless.

So assuming (I know it's a bad word)

the OS is a locked down corporate build (and the IS nazis locked it down well)
and wireless is enabled

and to access the corporate network you need to enter using a corporate vpn using IPSEC with two-phase authentication (name + secure ID fob and pin)

and then to access email and specified internal resources, domain username and password

how is the risk to corporate resources using wireless?

what's going to be sniffed?

and user installed trojans should be stopped by the AV software plus firewall plus nazi locked down OS, right?

H2O_Goalie
Apr 28, 05, 6:52 am
I suspect that the IS department's concern is not so much the compromising of data between the laptop and HQ (via "sniffing", etc.) given appropriate corporate policy, but rather that an unsophisticated user, in using the laptop for "personal" surfing, might inadvertently get themselves a virus/trojan/keylogger/what-have-you. If that were to happen, then it's quite possible that not only would you have potential security issues via compromised passwords, but also open access to sensitive files on the laptop via backdoors, etc.

This is why I recommended Knoppix. As it runs in RAM and does not access the hard disk...it offers essentially no opportunity for anything to be left behind. Once the PC/laptop is powered down...everything is gone. I've been using Knoppix for 2+ years, and I've yet to hear of any kind of security issue with it (not saying it doesn't exist...but I have looked). IMO, it is the best option for the originator of this thread.

Of course, the risk of being fired for inappropriate use of corporate property is his, not mine.

Jet'Dillo
Apr 29, 05, 4:15 pm
FYI... Wireless is NOT secure (see teaser and link below for just one example). When it comes to sensitive information there is no way I'd take the chance of putting that information in the air. Using a VPN with wireless is about as secure as it gets and even that's not foolproof.

Here's a teaser...

Please point to where in my post I said it was secure.

As someone who has spent the past 4 or so years installing and working on wireless networks all over the world (incl. Laos, Thailand, Italy, Denmark, and Uganda to name a few), as well as being an invited lecturer to 2 UNESCO-sponsored conferences in wireless networking, I don't think I need a magazine article to tell me what I already know.

Everybody knows that WEP and WPA are both broken. The Goldberg papers have been out for a couple of years now and every IT/IS person who's worth their salt knows that they're not proper security solutions by themselves.

Not to mention that few places implement them. Hotels, convention centers, etc. often run open APs w/ no encryption on them simply because the key management/distribution issues are way beyond the ability of your average hotel desk/GES staff to deal with.

We (should) all know that proper secondary encryption, like a VPN using IPSEC w/ dynamic rekeying is necessary to enhance the protection of confidential transactions done over any public network, whether it's wired or wireless.


JD


