Restricting WLAN Access for Mobile Devices

Unanswered Question

I'm wondering if anyone has suggestions for ways of preventing mobile devices from connecting to the WLAN.  We are moving to a mainly Wireless LAN Controller-based infrastructure, so I'm focusing on possibilities with the WCS/WLC (and not worrying about IOS APs).


Our policy is to keep mobile devices off our WLAN, because we can't ensure their security (no standard patching or anti-virus solution for these devices).  But users are able to config their mobile devices' wireless profiles to allow them to authenticate.  So we can release all the policies we want.... policies don't keep them from connecting.


Because on the security concerns and the fact that they chew up IP addresses, I'm trying to figure out what we could do to keep them off our WLAN!  Any ideas are welcome!


Note:  our company is too big to entertain any MAC address filtering based on allowing known laptop MACs or blocking known mobile device MACs.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ericgarnel Thu, 03/04/2010 - 07:19

That is not an easy task!   NAC comes to mind first....


here is a stop-gap solution/idea:


Turn off 2.4 GHz alltogether & use 802.11a capable laptops.  It will stop all currently available mobile devices from connecting.


Granted, it is a bit harsh and impractical, but initially effective - until mobile devices speak 802.11a (my money is on Nokia being 1st).


also, using a splash page format ( along with radius authentication ) that is not mobile browser friendly is another stop-gap solution!

Scott Fella Thu, 03/04/2010 - 18:17

Machine authentication will prevent non-domain devices to authenticate successfully to the WLAN.  If you don't broadcast the SSID an use a secure encryption/authentication method, then the deivce must successfully authenticate in order to obtain an ip address.  If you use a L3 authentication method like Web-Auth or Pass-through, then the device will obtain an ip address in order to get the splash page.

Actions

This Discussion

 

 

Trending Topics - Security & Network