BNA_flyer

Depends on how diligent he/she is in securing it. The BBs I've used have been set so that if I leave it locked and requiring a password to use (assuming I've taken advantage of that feature and it's set to lock itself after X number of minutes), ten incorrect password entries results in the BB wiping itself. But to get back to the story...

You're correct about the illusion of security--I am on the security workgroup of a healthcare organization that shall not be named, and it's hard to get people there to understand that all the technical measures in the world won't help if the human factors aren't addressed. It would be simple for anyone to talk his way into our building (particularly if he were a recently termed employee and looked familiar), loiter around our cube farm until he picked up a list of high-level users of our system off someone's desk, and then make conversation until he picked up on how simple some of our standard initial passwords are. Eventually a determined person will talk his way into the system so that the system doesn't even notice.

I called a pharmacy yesterday on behalf of my wife, who needed to track down the name of an antibiotic she'd taken two months ago for a week, so she could tell her PCP. I called them up and mentioned that this was for my spouse and that I understood if they couldn't give the information over the phone, and they simply asked me: "Last name?" "(fairly uncommon last name)." "Oh, (firstname)?" "Yep, that's her." "OK, she had two prescriptions, they were (X) and (Y)." I could have been anyone.

Sorry to hijack the thread, my mind has been on this issue a lot lately...

DEVIS

I gotta say this is absolutely disturbing!

BNA_flyer

It's a HIPAA violation plain and simple--when I get a few minutes I'm going to call back and point that out to the manager. Didn't even ask for an SSN, address, anything.

DEVIS

What if it was the manager who gave u all the info?

BNA_flyer

Still a HIPAA violation, just less likely anything will happen.

flyrad

One other alternative way is to get a travel router, like this one, the Linksys WTR54GS:

http://www.linksys.com/servlet/Satel...=4100839789B17

It plugs into an existing wired ethernet outlet and alternatively also can even connect to a remote wireless AP (2nd alternative not likely to solve the OPs signal problems). I own one and it is great for hotels, conference rooms and the like. Now before someone else says it, you would be opening a rogue access point if done in most work situations without IT knowledge. However, if you secured the connection properly using WPA or WPA2 and MAC access control, your IT manager might even allow it as it would be no less secure than most other access points.

nmenaker

As a former CTO I would SO recommend AGAINST sticking an access point on an INTERNAL wired LAN point, it just creates a huge point of weakness (as is already posted)

What I don't understand is why companies don't just put a few LAN ports (like the conference room, waiting room, etc.) OUTSIDE the firewall, enabling roaming workers and visitors to have internet access. At THAT point, putting an AP on the OUTSIDE THE LAN ports is not a problem at all. Or, just split out the internet inbound to a switch. There are so many, EASY ways to do this, not sure why more don't do it. Reconfiguring the ethernet drops from a switch room is childs play. Creating robust security is just a matter of thinking it through and puting up the right walls.

PTravel

Okay, one more time folks . . . the access point is NOT on an internal wired LAN. My firm maintains an outside DSL line that is connected to a wireless router. The DSL line does not connect to our LAN or WAN -- it is a stand-alone service and is provided as a courtesy to visitors who need an internet connection.

That's what we do, except we take it one step further. Instead of putting LAN connections outside the firewall, we have an entirely separate service for visitors.

nmenaker

GREAT! you must have read my book!

:-)

DEVIS

Yea go tell that to your paranoid counterparts. But you know the funny thing... though these companies have "no outside computers" policies, I bet you many of their employees DO bring their laptops and hook them up.

deeceem

Slingbox should run from a USB key

PTravel

It might, but the other stuff I run won't. Still, that's good to know -- I'll have to try it on my desktop machine.

nmenaker

It will run from a USB key, just copy the fully contained slingbox folder from program folders and you're good to go. Configure it first though on another machine, makes it easier.

QuantumMeruit

Interesting problem. I have a pretty technology-heavy practice at a big law firm and it's interesting to hear how different some law firms are in terms of "locking down" things.

Reading through this thread, it seems that the original poster's problem was that he wanted his personal laptop to have network access. This was briefly mentioned in the middle of the thread, but I didn't see it addressed -- what about an EVDO (mobile broadband) card?

Even if you can't get the firm to pay for it or reimburse you, it seems that the OP has a lot of his own hardware. Just something else to add onto the pile of unreimbursed business expenses, I suppose.

PTravel

How are things at your firm?

Yes, yes, yes!

I don't want to get a separate card. I first tried using a variety of AT&T PDA devices (so I could use them to get email as well as providing modem connections), but the broadband service in my area was awful. I finally decided on a Blackberry 8830 through Verizon. Verizon broadband on the Blackberry works just fine (though I have to have a wired connection to the modem -- it won't work via Bluetooth). However, Verizon is extremely restrictive about use of its system. Per the TOS I'm limited to 5 Gb/month, can't stream audio or video, etc.