Prevent other Devices to access Company WIFI
-
This is why we like managed WiFi devices like the Ubiquiti UniFi or Cisco Meraki stuff. You can simply log on to the central portal and block their device. Poof, problem solved.
Lacking that you will have to look into what your wifi solution does.
-
or change the encryption key.
-
@JaredBusch said:
This is why we like managed WiFi devices like the Ubiquiti UniFi or Cisco Meraki stuff. You can simply log on to the central portal and block their device. Poof, problem solved.
Lacking that you will have to look into what your wifi solution does.
I wish we will have " the Ubiquiti UniFi or Cisco Meraki stuff"
@Hubtech for sure ill do this "change the encryption key." if i really don't have choice.
-
We use a RADIUS server and an AD group.
No membership = no access.
-
AD intergreated Wifi is the best way IMO. Not Security keys for users to share. Make a Users group like "Wireless Users" and then you can just add users to the group. SSO with the wifi works great if you use GP to deploy it.
-
@Joyfano said:
I wish we will have " the Ubiquiti UniFi or Cisco Meraki stuff"
Well even old Linksys gear had ways to block devices. Was a manual entry thing I think of specific allowed devices. Been a LONG time since I had a device like that on my home network.
-
What security do you have today? How are they getting on to your network?
-
@scottalanmiller said:
What security do you have today? How are they getting on to your network?
The know the WPA/WEP password.
-
@scottalanmiller said:
What security do you have today? How are they getting on to your network?
I am using WPA/WPA2
Their computers are connected to network too.
It happen that there are computer with "local admin" enabled so that they can run some application required admin rights. -
@JaredBusch said:
@scottalanmiller said:
What security do you have today? How are they getting on to your network?
The know the WPA/WEP password.
I see.
-
@Joyfano said:
@scottalanmiller said:
What security do you have today? How are they getting on to your network?
I am using WPA/WPA2
Their computers are connected to network too.
It happen that there are computer with "local admin" enabled so that they can run some application required admin rights.What applications are requiring that? Are they really needed?
-
@scottalanmiller said:
@Joyfano said:
@scottalanmiller said:
What security do you have today? How are they getting on to your network?
I am using WPA/WPA2
Their computers are connected to network too.
It happen that there are computer with "local admin" enabled so that they can run some application required admin rights.What applications are requiring that? Are they really needed?
I think it has to do with HR tracking software
-
@scottalanmiller said:
@Joyfano said:
@scottalanmiller said:
What security do you have today? How are they getting on to your network?
I am using WPA/WPA2
Their computers are connected to network too.
It happen that there are computer with "local admin" enabled so that they can run some application required admin rights.What applications are requiring that? Are they really needed?
As you most certainly know, they probably don't need local admin rights, but the program was written poorly so we IT staff have to spend hours and hours finding what permissions need to be changed to allow the software to work. What's worse, even if you go through that trouble, often you can't get support from the vendor without granting full local admin rights.
-
I agree with a RADIUS server. You can get most consumer equipment to run dd-wrt, which has RADIUS support, and use that for a WAP if you want. That is only if your existing WAP doesn't natively support RADIUS.
-
Thank you for all of your suggestion. I guess i will change the password of Wifi on weekend and connect their computer while they are away...
-
@ajstringham said:
I agree with a RADIUS server. You can get most consumer equipment to run dd-wrt, which has RADIUS support, and use that for a WAP if you want. That is only if your existing WAP doesn't natively support RADIUS.
Thank you A.J and @nadnerB I will read and learn a bit about your suggestion.
-
Definitely avoid DDWRT in a business. That's a toy OS for hobbyists. Has no place in a business.
-
@scottalanmiller said:
Definitely avoid DDWRT in a business. That's a toy OS for hobbyists. Has no place in a business.
In an SMB, why not? It works and it's plenty solid. I'm not saying anything more than 20 users. Outside of that, why not?
-
Because it is a hobbyist OS and there are now many options that are not hobbyist versions that are in the same price point.
Another question to @scottalanmiller though, Now that ASUS is selling their medium/high end devices with DDWRT, does this change anything for you?
Not using DDWRT simply because it's hobbyists would mean not using LINUX many years ago.. and it might not be where it is today if not for its continued use outside the 'expected norm.'
-
@ajstringham said:
In an SMB, why not? It works and it's plenty solid. I'm not saying anything more than 20 users. Outside of that, why not?
SMBs don't have the money or time to blow resources on toys. Buying consumer gear and then putting a hobby OS onto it doesn't make sense. You will spend as much as you would for enterprise gear while throwing the support that you paid for out of the window. Doing embedded hobby stuff at home for fun is great. Doing it in a business of any size doesn't make sense. Just because a business is small doesn't mean that money can be wasted or stability isn't important.
Reverse the question, you can ask "why not" and the reasons against it are not that strong. It will work and it is cheap. But ask "why?" If you don't have solid business reasons why you would skip fully supported, enterprise equipment in a business, don't go putting modified consumer gear in.
Likewise, I would never, ever put the hardware that DDWRT runs on into a business without DDWRT either.
