[unisog] Aircard and security

Michael Holstein michael.holstein at csuohio.edu
Fri Nov 3 14:20:15 GMT 2006


> I am new to aircards and need to do research on the product and its 
> vulnerability.  I am wide open to ideas and suggestions on how to 
> manage the risk.  Also is there a method of detecting aircards users.

Again .. this is a HR solution .. ban their use in University equipment 
(I know .. easier said than done..).

 From a technical perspective, they use the same RF bands as the phones 
by the same carrier (although different protocols) so detecting them 
from a physical perspective would be hard.

Most of the providers use known IP space that's not intermixed with 
other stuff, so you could block all those IP ranges from accessing 
anything -- which would prevent them from doing much besides surfing the 
Internet from their desk.

If you have a centrally managed domain model, you could control their 
use by GPO though.

Another approach would be to permit their use, but require the use of a 
VPN to access University resources. Everyone wins that way (but enforce 
with the GPO and firewall ideas from above).

Regards,

Michael Holstein CISSP GCIA
Cleveland State University


More information about the unisog mailing list