bmanice Posted October 26, 2009 Posted October 26, 2009 Hey guys, Im concerned about security and want to have my domain laptops auto disable the NIC when they are on the WiFi and vice versa. Is there a way to do this in the registry or through AD? Thanks! Quote
Sparda Posted October 26, 2009 Posted October 26, 2009 Don't know about doing this through the domain, but you could configure the laptops with one network card disabled, the other enabled, then have a 'switch to wifi' and 'switched to wired' networking buttons on the desktop. What are the actual advantages of this? If the laptop has been connected to 'dangerous' wireless at any time it posses the same risk as a laptop that is connected to the internal network and the 'dangerous' wireless at the same time. This is assuming it did get infected with some thing. Quote
Tarbizkit Posted October 27, 2009 Posted October 27, 2009 you could deploy NAP. if there are resource problems with that you might try using group policy. you could have gpo set up that would disable access to the network control and also run a login script that would set the nic's up the way you wanted. this is a little easier if you are dealing with company resources and in a perfect world identical hardware. :) a low tech way might be using some wifi shielding paint. I have not used this personally, and have heard mixed results, so your mileage may vary :( If setup correctly, the NAP solution could help protect you from an already infected computer, but when it comes to syware, malware, a virus, or any other network nasty, nothing is gonna be perfect. Quote
bmanice Posted October 28, 2009 Author Posted October 28, 2009 I just dont want people being on WiFi and the NIC at the same time because then they will be bridged and someone could compromise a laptop over WiFi and then have a free link into our domain. Quote
VaKo Posted October 30, 2009 Posted October 30, 2009 The cisco VPN client we use blocks other interfaces than the VPN connection when connected. Can you give us a bit more of an over view about the setup you have, are you trying to deal with WAP's in or near your offices or WAPs for remote users? This is probably a very small avenue of attack your trying to deal with here, so more information and specific details would be useful. Quote
SilverT Posted November 6, 2009 Posted November 6, 2009 Symantec Endpoint Protection can do this. It has location based profiles that you can associate policies with. Looks like you may have to define all wireless cards though, which could get tedious on a large network. http://service1.symantec.com/SUPPORT/ent-s...3f?OpenDocument Quote
Return==404 Posted November 6, 2009 Posted November 6, 2009 Most business grade machines have this feature integrated into their BIOS. It's called auto LAN/WLAN switching. My HP NC4400 has it, you can set the feature in the BIOS and lock the settings with a BIOS setup password. I know that it's a drastic solution, replacing your notebooks, but to get an absolute solution you should look for one on a high level, not just a software switch. Quote
lopez1364 Posted November 6, 2009 Posted November 6, 2009 Here are a few solutions: http://www.wirelessautoswitch.com/ http://www.wire2less.net/1.html And here is the long way: http://blogs.technet.com/heyscriptingguy/a...rk-adapter.aspx Quote
bmanice Posted November 6, 2009 Author Posted November 6, 2009 Here are a few solutions: http://www.wirelessautoswitch.com/ http://www.wire2less.net/1.html And here is the long way: http://blogs.technet.com/heyscriptingguy/a...rk-adapter.aspx You rock! thanks buddy! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.