I have had an interesting situation posed to me, and I wanted to reach out to the community for some advice and/or to tap into everyone's knowledge and experience.
My company has a customer, who is a hospital. The hospital is using DHCP throughout their environment for their PCs. The hospital has not implemented any wireless products in their network. One of their doctors brought in a Linksys Wireless Router, plugged it into the LAN port in his office, and is using that wireless router so that he can walk around the hospital with his laptop and still be on the network. The hospital, as I'm sure you can imagine, is pretty upset with this, as it poses a security breach on the network. They realize that the wireless router belongs to the doctor, and that he's likely not going to remove the device from the network, nor implement any security features on the router (i.e. SSID / Encryption). From what I'm told, this is a dilemma that the hospital wants to close down as quickly as possible, and that the hospital wants to keep this from becoming a "political issue" with the doctor.
When I was asked about my opinion on the issue, my only thought was that the hospital should enable port security on the switches, and essentially hard-code each PC's MAC address (either through programming the individual MAC address, or making the MAC address "sticky" to an individual port) to the switch, also making sure that the port is shut down if the MAC address is different than what is recorded in the MAC address tables. The hospital isn't thinking of installing wireless access points into the network as of yet, as it doesn't sound like they are ready for implementing that technology into their network. They don't feel that they can enforce a directive to the doctor to remove the wireless device from the network, and they don't feel that they could persuade the doctor to enable the security features on the wireless router.
I told my salesperson that doing the switch programming may take some time, and will likely cause a lot of work for the IT staff at the hospital. I guess I'm looking for any other information that might make this situation either easier to implement, or might be comparable to doing all of the switch programming for all of the individual ports. Any thoughts/ideas would be appreciated.
Thanks in advance!
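
As an added example (not part of the original post), here is one way to audit a switch before committing to per-port MAC programming: compare the MAC addresses currently learned on each access port against a recorded baseline and report the ports that deviate. The table format (Cisco-style `show mac address-table`), the port names, and all MAC addresses are constructed assumptions; the post does not name the switch vendor.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Cisco "show mac address-table" output.
# The post does not name the switch vendor, so this format is an assumption.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4401    DYNAMIC     Fa0/1
  10    0011.2233.4402    DYNAMIC     Fa0/2
  10    0a1b.2c3d.4e5f    DYNAMIC     Fa0/3
  10    0011.2233.4404    DYNAMIC     Fa0/4
  10    0a1b.2c3d.4e60    DYNAMIC     Fa0/4
  10    0011.2233.44ff    DYNAMIC     Gi0/1
"""

# Constructed baseline: the single MAC recorded for each access port.
BASELINE = {"Fa0/1": "00:11:22:33:44:01", "Fa0/2": "00-11-22-33-44-02",
            "Fa0/3": "0011.2233.4403", "Fa0/4": "00:11:22:33:44:04"}
UPLINKS = {"Gi0/1"}  # trunk/uplink ports legitimately carry many MACs

ROW = re.compile(r"^\s*\d+\s+([0-9A-Fa-f.:-]{12,17})\s+\w+\s+(\S+)\s*$")

def normalize(mac):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, whatever separators it used."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_table(text):
    """Map each port to the set of MACs learned on it; header lines are skipped."""
    learned = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            learned[m.group(2)].add(normalize(m.group(1)))
    return learned

def audit(text, baseline, uplinks=()):
    """Return {port: [unexpected MACs]} for access ports that deviate from baseline."""
    findings = {}
    for port, macs in parse_table(text).items():
        if port in uplinks:
            continue
        allowed = {normalize(baseline[port])} if port in baseline else set()
        extra = macs - allowed
        if extra:
            findings[port] = sorted(extra)
    return findings

if __name__ == "__main__":
    for port, macs in audit(SAMPLE_TABLE, BASELINE, UPLINKS).items():
        print(f"{port}: unexpected {', '.join(macs)}")
```

A router doing NAT shows up as a single MAC on its port, so comparing against the recorded address catches it where counting MACs per port would not.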