The following excerpt is from Chapter 4 of the free e-book "The tips and tricks guide to securing Windows Server 2003" written by Roberta Bragg and available at Realtimepublishers.com.
Group Policy Q&A
Q: How can I prevent wireless access points from becoming an unguarded entry point into my network?
A: Wireless access points (WAPs) can become back doors into your network; but properly configured and managed, they can be safely used. Windows .NET Group Policy provides a tool that can assist in your security efforts.
Unrestricted proliferation of WAPs throughout your network can undermine many of your security defenses. It will not be easy to control them. Unlike many technological advances, WAPs have two things that make them immediate candidates for abuse. First, their price point is low. For a few hundred dollars, you can purchase an access point and a wireless network card for your PC or laptop. Many already have wireless connectivity installed, either company-issued or bundled with the laptop. Second, the technology is engaging, convenient and easy to implement. WAPs arrive preconfigured in some cases, and computer interfaces often automatically detect their presence. A technically unsophisticated, ordinary user can purchase the box, stick it under his or her desk, and cable it to the company LAN. With minimal to no help, and a laptop equipped with a wireless LAN card, the user can now roam around his or her cubicle and into adjacent areas without the network cable tether.
It would certainly be nice if technology could step in and offer the ability to either prevent these access points from being able to exist on your network or immediately detect them for you. There is no way to do the former, nor easily the latter. You currently cannot eliminate the problem, but you can take steps to manage it:
Have a strong written policy that specifies appropriate use of wireless networking and the consequences of infractions.
Have a strong education element. Teach users how to use the corporate wireless LAN and the problems rogue access points can cause.
Use technology to control and secure authorized wireless communications.
Adopt technology that seeks to manage and control wireless access.
You must implement the first two, and Wireless Access Policies in Windows .NET Server Group Policy can help with the last two.