Re: Marriott wifi blocking
You have to do both preferrably. You kill the wired port to get them off your LAN, but if they are also on one of your SSIDs or run an unsecured one the AP can bug light your clients. Given that there is an unauthorized intrusion on the wired side, I don't want him talking to my clients at all. Steven Naslund Chicago IL On Oct 9, 2014, at 7:42 PM, "Chris Marget" <chris@marget.com<mailto:chris@marget.com>> wrote: On Thu, Oct 9, 2014 at 3:41 PM, Naslund, Steve <SNaslund@medline.com<mailto:SNaslund@medline.com>> wrote: If you set up an AP and try to plug it into my wired infrastructure that's when the active stuff comes into effect because you have no right to add a device to my wired network. Hi Steve, You're not the first to express this sentiment. Do you mind if I ask why? I mean, if you *know* there's an AP on your wired network, wouldn't it be more effective to kill the wired port? Just curious... /chris
Now that BYOD is so popular, you don't control all of your client configurations so you better find a way to try to secure them as much as possible from the network side. Defense in depth is what it is. It a lot easy to manage one wireless IDP/IDS than a thousand clients that get replaced and updated on a six month cycle. Also, if you are required to meet PCI/HIPPA/DoD regs then securing the client will not be enough to satisfy the regulators. Steven Naslund Chicago IL
On Oct 10, 2014, at 9:21 AM, "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu> wrote:
On Fri, 10 Oct 2014 14:03:48 -0000, "Naslund, Steve" said:
the AP can bug light your clients.
Only if your clients are configured to allow it.
participants (2)
-
Naslund, Steve -
Valdis.Kletnieks@vt.edu