
how to prevent users accessing hotspot

echerisme
Level 1

Hi all,

I have to resolve this issue; your help will be of benefit to me.

I have users on the internal network who, when using wireless, have restrictions on browsing the internet, but when they receive a signal from a hotspot or somewhere else they connect to it and have no restrictions on their laptops. Can someone explain to me how to prevent them from connecting to the hotspot when they are inside the corporate LAN?

thx

8 Replies

Stephen Rodriguez
Cisco Employee

Is this 'hotspot' something you have control over, or is this like the Starbucks next door that you can see the signal?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered


Sometimes it can be the Starbucks next door, or some employees come in with their own wireless modem or even their smartphone and then connect to it. So what I want to do is: if the wireless connection is something other than what the internal network provides, I want to block it. They should be able to use only the corporate wireless signal, nothing else.

Thx for your prompt answer.

There really aren't too many ways that you can get around this legally.

For anything coming from outside, there are products you can put on the windows to attenuate the signal so that it's not usable.

But for people tethering or using their own hotspot, you would have to do containment.  Which could have legal ramifications, if you contained something that was 'outside' your space.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered


Bill Levin
Level 1

If you have a Cisco WLC you can at least do rogue access point detection with Cisco CleanAir capable APs.  You would have the WLC notify you and then you would have to go to the AP that detected its location and manually find who was operating the hotspot.  After a few fines/written disciplinary actions people should stop.

It should be enough to keep the bosses happy.

If you have a Cisco WLC you can at least do rogue access point detection with Cisco CleanAir capable APs.

Firstly, WLC cannot stop your staff from accessing your neighbor's Wi-Fi.  You also cannot "jam" or contain your neighbor's Wi-Fi signal.  As Steve said, there's no way a Cisco appliance can do that.  A system/network admin can, on the other hand, lock down, via AD, the profiles and policy for what the client can/can't do with wireless.

After a few fines/written disciplinary actions people should stop.

If you tell a kid "no", what do you think a kid will do?  This works the same way with adults.

Take our case, this government agency decided to embrace Wi-Fi.  So they got this team together and we, networks, went around installing the latest Cisco WAP in a 10-storey building (including pre- and post- site survey).  Works well.  During tests, clients can seamlessly roam their laptops from one end of the floor to the other.  Tick of approval.

Then security came, and they put down this policy:

1.  No one can use internet dongles anymore; and

2.  The only sites Wi-Fi users can use over the internet are Yahoo and Google 

Because of this, everyone (and I mean EVERYONE) stopped using Wi-Fi.  From the CEO down to the rank-and-file.  Wi-Fi usage, per month, was at (an average) 12.  Users went back to the un-restricted USB internet dongles and the Wi-Fi network became a white elephant.  Internet usage cost went through the roof but the Security team stood their ground and did not waver.

My story is this:  The more you restrict, the more they'll find loopholes.  Every corporation is now being proactive and is implementing BYOD.

George Stefanick
VIP Alumni

If these are company devices, use a supplicant like Intel and lock it down so only the company SSID can be used.

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Not even possible. Because then this person needs to go home and work from home across VPN and he can't even make a profile to associate to his wifi at home.

This is one of the unsolved problems of security: all URL filtering tools or restrictions on corporate level are useless or have very limited usefulness. "Oh, this URL is blocked? Let's make a wifi hotspot on my phone and via 4G, hopla, I am connected to the URL."

Once the user has entered corporate premises, he should be restricted from creating wifi profiles. Once he is in the "outside" world, this restriction should be lifted.
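
An added example, not part of any post in this thread: the "only the company SSID" lock-down suggested above, done on a Windows client with the built-in `netsh wlan` filters. The SSID `CorpWiFi` and the helper function name are placeholders chosen for illustration.

```powershell
# Added example (not from the thread): allow-list one SSID on a Windows client.
# Assumptions: 'CorpWiFi' is a placeholder SSID without spaces; Invoke-WlanFilter
# is a hypothetical helper defined here, not a built-in cmdlet.
$CorpSsid = 'CorpWiFi'

# WLAN filters are machine-wide, so an elevated session is required.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

function Invoke-WlanFilter {
    param([string[]]$NetshArgs)
    # Run "netsh wlan <args>" and surface a non-zero exit code as a warning.
    & netsh wlan @NetshArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "netsh wlan $($NetshArgs -join ' ') exited with $LASTEXITCODE"
    }
}

# 1. Allow the corporate infrastructure SSID.
Invoke-WlanFilter @('add', 'filter', 'permission=allow', "ssid=$CorpSsid", 'networktype=infrastructure')

# 2. Deny every other infrastructure network (neighbouring hotspots, phone tethering)
#    and all ad hoc networks. Allow entries take precedence over denyall.
Invoke-WlanFilter @('add', 'filter', 'permission=denyall', 'networktype=infrastructure')
Invoke-WlanFilter @('add', 'filter', 'permission=denyall', 'networktype=adhoc')

# 3. Show the resulting allow/block lists so the change can be reviewed.
netsh wlan show filters

# Rollback, e.g. for a laptop that must also join a home network:
# netsh wlan delete filter permission=denyall networktype=infrastructure
# netsh wlan delete filter permission=denyall networktype=adhoc
# netsh wlan delete filter permission=allow ssid=CorpWiFi networktype=infrastructure
```

The deny-all filter follows the laptop everywhere, so it also blocks home and hotel networks, which is exactly the objection raised in the reply above. A user with local administrator rights can delete the filters.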

Cool to see an old post come alive :)  There is no real good way to approach this. I have seen companies lock down the laptop so that it only works wired outside the company using VPN.  These days people want to be mobile, I for one.  If I was to not be able to connect to any hotspots with a domain machine, I would not ever use it and would get my own machine with VPN access.   I do tether from my phone, other wifi mobile hotspots and public hotspots to be able to work. I think the question from 2012 to now has changed with time and companies' experience with wireless & security. Just my 2 cents.

 

-Scott 

*** Please rate helpful posts *** 
