How to Protect a Network from Unmanaged Clients
Hello,
I have set up a Wi-Fi network at my office. We have very important data on some system, so we want to protect it from unmanaged clients on the network. We do not rely on antivirus and security systems. How can we protect our network from unmanaged clients? Does anyone know? Any suggestions?
Re: How to Protect a Network from Unmanaged Clients
The solution is to deploy the anonymous access WAP on a perimeter network segment that has no access to the corporate network. This allows you to offer Internet access to your guest users without incurring the administrative overhead of giving users WEP and WPA, and it partitions the corporate network from these unmanaged clients. For example, you can create a wireless DMZ on a multihomed ISA firewall, as discussed in the article "Providing Internet access while securing your network using a wireless DMZ." Many companies provide anonymous WAP access for the convenience of clients and consultants. Even though the anonymous access WAP is a great convenience to your customers, it can create a significant security threat to the enterprise network, because the guests connecting are not managed, and there is a chance that these hosts are compromised by worms, viruses and Trojans.
Re: How to Protect a Network from Unmanaged Clients
The corporate network WAP does not allow anonymous connections. You will need user or machine authentication for a highly secure corporate wireless deployment. For example, we use user authentication and EAP computer certificates when deploying enterprise wireless. Certificate authentication means that only managed machines and users can connect to the corporate network via the business WAP.
However, the convenience offered by the anonymous access WAP to guests can also be useful for employees such as executives who bring in unmanaged, personal laptops from home. These machines are not provisioned to use the business WAP, so they have to use the anonymous access WAP. You can provide access to these users on the anonymous access wireless DMZ segment by having them use VPN connections to the corporate network. The VPN link secures the connection and prevents intruders from intercepting communications with resources on the corporate network. For more details on this configuration, see the TechProGuild article "Allow VPN access to your wireless network from a DMZ."
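Added example (not part of the thread or any poster's configuration): a small audit of a first-match firewall rule list that checks the design described in the replies above, where the guest wireless DMZ may reach the corporate network only as VPN traffic to the VPN server. The subnets, gateway address, VPN services (L2TP/IPsec) and rule format are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing and services (assumptions, not from the thread)
GUEST = ip.ip_network("192.168.50.0/24")   # anonymous-access wireless DMZ
CORP = ip.ip_network("10.0.0.0/8")         # corporate network
VPN_GW = ip.ip_network("10.0.0.5/32")      # VPN server guests may reach
VPN_SERVICES = {("udp", 500), ("udp", 4500), ("esp", None)}  # IKE, NAT-T, ESP

def net(s):
    return ip.ip_network("0.0.0.0/0") if s == "any" else ip.ip_network(s)

def rule(name, action, src, dst, proto, port=None):
    return dict(name=name, action=action, src=src, dst=dst, proto=proto, port=port)

def audit(rules):
    """Return names of allow rules that let the guest segment reach the
    corporate network by anything other than VPN traffic to the VPN server."""
    findings = []
    for r in rules:  # first match wins, so rule order matters
        src, dst = net(r["src"]), net(r["dst"])
        if r["action"] == "deny":
            # A blanket guest -> corp deny shadows every later rule for that pair.
            if GUEST.subnet_of(src) and CORP.subnet_of(dst) and r["proto"] == "any":
                break
            continue  # partial denies are ignored (conservative)
        if not (src.overlaps(GUEST) and dst.overlaps(CORP)):
            continue
        vpn_only = dst.subnet_of(VPN_GW) and (r["proto"], r["port"]) in VPN_SERVICES
        if not vpn_only:
            findings.append(r["name"])
    return findings

# Constructed rule sets: a segmented design and a leaky one
GOOD = [
    rule("guest-vpn-ike", "allow", "192.168.50.0/24", "10.0.0.5/32", "udp", 500),
    rule("guest-vpn-natt", "allow", "192.168.50.0/24", "10.0.0.5/32", "udp", 4500),
    rule("guest-no-corp", "deny", "192.168.50.0/24", "10.0.0.0/8", "any"),
    rule("guest-web", "allow", "192.168.50.0/24", "any", "tcp", 80),
]
BAD = [
    rule("guest-fileshare", "allow", "192.168.50.0/24", "10.0.0.20/32", "tcp", 445),
    rule("guest-web", "allow", "192.168.50.0/24", "any", "tcp", 80),  # "any" includes corp
]

if __name__ == "__main__":
    print("segmented:", audit(GOOD))
    print("leaky:", audit(BAD))
```

In the leaky set the Internet rule is flagged as well, because a destination of "any" covers the corporate range when no guest-to-corporate deny precedes it.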
Re: How to Protect a Network from Unmanaged Clients
A particularly effective method you can use to secure your network against unauthorized wireless users is IPSec-based domain isolation. IPSec domain isolation is a technique that isolates domain servers or all domain member computers from untrusted machines. IPSec domain isolation is one of the most effective methods available today for Windows networks to protect your critical servers from not only rogue wireless clients but all unsecured computers on the corporate network. You can use your firewall's application layer access controls to block those devices from connecting to the Internet. For example, you can configure the ISA Server firewall to require user authentication before enabling outbound access from the corporate network to the Internet. For Web protocols, you can configure the firewall's application layer controls to block user-agent headers sent by handheld devices or force integrated authentication to the firewall before allowing outgoing access. Since handheld devices cannot be domain members, any attempt to connect to the Internet will be blocked.