More "Stupid WiFi Tricks"
#31
Join Date: Aug 2006
Location: ?
Posts: 7,544
I bet you don't allow camera phones either.
Sorry but the illusion of security is just that, an illusion. If someone wanted to get in your network they would find a way.
Lots of companies out there see wireless as the boogie man and they try their hardest to block it and/or limit access. Well guess what... it isn't. I mean for Pete's sake, all one needs to do to steal some important data nowadays would be to nab some VP's BlackBerry.
You're correct about the illusion of security--I am on the security workgroup of a healthcare organization that shall not be named, and it's hard to get people there to understand that all the technical measures in the world won't help if the human factors aren't addressed. It would be simple for anyone to talk his way into our building (particularly if he were a recently termed employee and looked familiar), loiter around our cube farm until he picked up a list of high-level users of our system off someone's desk, and then make conversation until he picked up on how simple some of our standard initial passwords are. Eventually a determined person will talk his way into the system so that the system doesn't even notice.
I called a pharmacy yesterday on behalf of my wife, who needed to track down the name of an antibiotic she'd taken two months ago for a week, so she could tell her PCP. I called them up and mentioned that this was for my spouse and that I understood if they couldn't give the information over the phone, and they simply asked me: "Last name?" "(fairly uncommon last name)." "Oh, (firstname)?" "Yep, that's her." "OK, she had two prescriptions, they were (X) and (Y)." I could have been anyone.
Sorry to hijack the thread, my mind has been on this issue a lot lately...
#32
Join Date: Mar 2006
Location: Concord, CA
Programs: AA PLT, MileagePlus
Posts: 2,617
#33
Join Date: Aug 2006
Location: ?
Posts: 7,544
#36
Join Date: Oct 2005
Location: SFO
Programs: UA 1K, SPG/Hyatt/Hilton Gold, Hertz #1 Gold
Posts: 115
One other alternative way is to get a travel router, like this one, the Linksys WTR54GS:
http://www.linksys.com/servlet/Satel...=4100839789B17
It plugs into an existing wired ethernet outlet and alternatively also can even connect to a remote wireless AP (2nd alternative not likely to solve the OP's signal problems). I own one and it is great for hotels, conference rooms and the like. Now before someone else says it, you would be opening a rogue access point if done in most work situations without IT knowledge. However, if you secured the connection properly using WPA or WPA2 and MAC access control, your IT manager might even allow it as it would be no less secure than most other access points.
#37
Join Date: Feb 2000
Location: Menlo Park, CA, USA
Programs: UA 1MM 0P, AA, DL, *wood, Lifetime FPC Plat., IHG, HHD
Posts: 6,912
As a former CTO I would SO recommend AGAINST sticking an access point on an INTERNAL wired LAN point, it just creates a huge point of weakness (as is already posted).
What I don't understand is why companies don't just put a few LAN ports (like the conference room, waiting room, etc.) OUTSIDE the firewall, enabling roaming workers and visitors to have internet access. At THAT point, putting an AP on the OUTSIDE THE LAN ports is not a problem at all. Or, just split out the internet inbound to a switch. There are so many, EASY ways to do this, not sure why more don't do it. Reconfiguring the ethernet drops from a switch room is child's play. Creating robust security is just a matter of thinking it through and putting up the right walls.
#38
FlyerTalk Evangelist
Original Poster
Join Date: Mar 2004
Location: Newport Beach, California, USA
Posts: 36,062
What I don't understand is why companies don't just put a few LAN ports (like the conference room, waiting room, etc.) OUTSIDE the firewall, enabling roaming workers and visitors to have internet access. At THAT point, putting an AP on the OUTSIDE THE LAN ports is not a problem at all.
#40
Join Date: Mar 2006
Location: Concord, CA
Programs: AA PLT, MileagePlus
Posts: 2,617
As a former CTO I would SO recommend AGAINST sticking an access point on an INTERNAL wired LAN point, it just creates a huge point of weakness (as is already posted).
What I don't understand is why companies don't just put a few LAN ports (like the conference room, waiting room, etc.) OUTSIDE the firewall, enabling roaming workers and visitors to have internet access. At THAT point, putting an AP on the OUTSIDE THE LAN ports is not a problem at all. Or, just split out the internet inbound to a switch. There are so many, EASY ways to do this, not sure why more don't do it. Reconfiguring the ethernet drops from a switch room is child's play. Creating robust security is just a matter of thinking it through and putting up the right walls.
Yeah, go tell that to your paranoid counterparts. But you know the funny thing... though these companies have "no outside computers" policies, I bet you many of their employees DO bring their laptops and hook them up.
#41
Join Date: Aug 2007
Programs: mileage plus, qantas
Posts: 2
slingbox on locked down laptops
They do give us laptops, and they're completely locked down. That means I can't put on any of the software that I use when I travel, both for business or pleasure. Whether it's Photoshop CS2 and Breezebrowser, both of which I use for business (as well as pleasure) or iTunes and the Slingbox client, which I use to keep myself sane, I.
#42
FlyerTalk Evangelist
Original Poster
Join Date: Mar 2004
Location: Newport Beach, California, USA
Posts: 36,062
#43
Join Date: Feb 2000
Location: Menlo Park, CA, USA
Programs: UA 1MM 0P, AA, DL, *wood, Lifetime FPC Plat., IHG, HHD
Posts: 6,912
#44
Join Date: Jul 2006
Location: Washington, DC
Posts: 141
Interesting problem. I have a pretty technology-heavy practice at a big law firm and it's interesting to hear how different some law firms are in terms of "locking down" things.
Reading through this thread, it seems that the original poster's problem was that he wanted his personal laptop to have network access. This was briefly mentioned in the middle of the thread, but I didn't see it addressed -- what about an EVDO (mobile broadband) card?
Even if you can't get the firm to pay for it or reimburse you, it seems that the OP has a lot of his own hardware. Just something else to add onto the pile of unreimbursed business expenses, I suppose.
#45
FlyerTalk Evangelist
Original Poster
Join Date: Mar 2004
Location: Newport Beach, California, USA
Posts: 36,062
Reading through this thread, it seems that the original poster's problem was that he wanted his personal laptop to have network access.
This was briefly mentioned in the middle of the thread, but I didn't see it addressed -- what about an EVDO (mobile broadband) card?
Even if you can't get the firm to pay for it or reimburse you, it seems that the OP has a lot of his own hardware. Just something else to add onto the pile of unreimbursed business expenses, I suppose.