.

'Outsider' Network Access

<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Aug 07, 2008 12:53 pm

'Outsider' Network Access

How does everyone secure their network from insider 'outsider' access? When I say outsider, I'm talking about people giving presentations, consultants and others who are supposed to be in your office but are requesting Internet access. Do you have a strict policy to forbid them access entirely? Have some way to give them limited access? Any other policies?

We have some inventory software that scans our network and will show when other workgroups/domains have been connected. It came up recently and I brought this to the attention of our IT Director stating that some other computers had been connected to our network. She asked for some suggestions on how to control this, so I figured I'd ask here to see what everyone else does. My thoughts are to hook up a switch or wireless access point to a separate port on our firewall and just segment all the traffic off from the internal network. That way they can get access to the Internet, but nothing else. If it were my choice, I wouldn't even allow them to connect ;) but I don't think that will fly :(

BillV
<<

oldgrue

Newbie
Newbie

Posts: 13

Joined: Thu Jul 31, 2008 11:28 am

Post Thu Aug 07, 2008 2:33 pm

Re: 'Outsider' Network Access

I think you're best to isolate their access like you've suggested. I'd suggest against the wireless so you don't have staff connecting personal devices to it.

It might be better if you can isolate their work areas (especially if you have longer term contractors) and hardwire the connection to a switch instesd.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Aug 07, 2008 3:39 pm

Re: 'Outsider' Network Access

oldgrue wrote:I think you're best to isolate their access like you've suggested. I'd suggest against the wireless so you don't have staff connecting personal devices to it.

It might be better if you can isolate their work areas (especially if you have longer term contractors) and hardwire the connection to a switch instesd.


Thanks :)

If we do the wireless it won't be open and we'll probably change the password fairly frequently so anyone wanting access will have to come ask us. That way anyone wanting access will be required to come through us first ;D
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Thu Aug 07, 2008 4:03 pm

Re: 'Outsider' Network Access

I think that is how we handle it here. I can see several "guest" APs here that are secured and I'm more than willing to bet that that is what they are used for. Those of that work here can plug in to the corporate network from the conference rooms. Good luck, Bill.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Aug 08, 2008 2:28 am

Re: 'Outsider' Network Access

Billv,

we have a seperate wireless system for outsiders. It runs through a proxy requiring a 'voucher' to bypass the landing page. If a third party needs internet access they get a time-limited voucher, if an employee needs access they get the (frequently changed) WPA key. Keeps the two sets isolated nicely.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Aug 08, 2008 7:20 am

Re: 'Outsider' Network Access

Thanks for the replies guys. Sounds like that's probably where we'll focus our efforts.
<<

RobMongoose

User avatar

Newbie
Newbie

Posts: 28

Joined: Sat May 31, 2008 1:52 pm

Location: Sunderland, UK

Post Sat Aug 09, 2008 7:48 pm

Re: 'Outsider' Network Access

Maybe for wired connections you could set up a switch connected to a restricted access vlan, then you could attach a wireless access point configured, as others have suggested, to provide a separate wireless network to this switch. That should be nice and secure.
Mutterings of an evil genius in training -
http://robmongoose.blogspot.com/

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software