[unisog] Aircard and security
michael.holstein at csuohio.edu
Fri Nov 3 14:20:15 GMT 2006
> I am new to aircards and need to do research on the product and its
> vulnerability. I am wide open to ideas and suggestions on how to
> manage the risk. Also is there a method of detecting aircards users.
Again .. this is a HR solution .. ban their use in University equipment
(I know .. easier said than done..).
From a technical perspective, they use the same RF bands as the phones
by the same carrier (although different protocols) so detecting them
from a physical perspective would be hard.
Most of the providers use known IP space that's not intermixed with
other stuff, so you could block all those IP ranges from accessing
anything -- which would prevent them from doing much besides surfing the
Internet from their desk.
If you have a centrally managed domain model, you could control their
use by GPO though.
Another approach would be to permit their use, but require the use of a
VPN to access University resources. Everyone wins that way (but enforce
with the GPO and firewall ideas from above).
Michael Holstein CISSP GCIA
Cleveland State University
More information about the unisog