Some time ago I read an article in Network World about switched wireless network hardware and it's implementation in an enterprise environment.
At the tim I surfed the companies profiled and on one of their sites saw a small utility that would automatically disable the wireless on an employee's laptop if they plugged into the wired ethernet. It was freeware.
I have surfed all the manufacturers sites I can think of or find in the Network World archives but I cannot find that utility.
I should have nabbed it at the time, it's unlike me not to, and I may have. But I can't find it.
Has anyone seen that or know it's name or where it can be found?
Such a utility comes with various manufacturers laptops. It's often part of a suite of wireless management utilities. For example: Toshiblah: Config Free IBM: ThinkVantage Access Connection There are also a mess of "connection managers" some of which will do the same thing. However, I can't think of one that is stand alone and free. Sorry. However, you don't really need to disable the wireless when one plugs in an ethernet cable. The IP route metric provides a priority system for situations where there are multiple paths to the default route(s). Just run: route print and notice the "metric" column. The smaller the number, the higher the priority (i.e. the lower the "cost" of the route). YOu'll find that ethernet connections have a lower "cost" which will make packets favor ethernet over the more "expensive" wireless router.
Description of the Wireless LAN Route Table Metric Behavior
Behavior When Connected to Both Wired and Wireless Networks
An explanation of the Automatic Metric feature for Internet Protocol routes
Well, I have been looking for Cirond Airsafe Personal, but not finding anything.
I did find a reference to the freeware version.
formatting link
It's airpatrol.com now, but it might not be freeware anymore. Seems like the same people involved as were at Cirond. The site looks similar to the one in the archive for cirond.com.
I found this page, and they may not know it's up there.
formatting link
no download link that I can find.
Can anyone help? I looked on the usual places, CNET, bittorrent, mininova, snapfiles, astalavista. Nothing.
It would surprise me that no one has archived that file.
Just out of curiosity, why are you looking for utility? Got XP? It's built in to it, and you don't need a utility....Still using win 98? In that case you may be screwed
As Jeff said, just make sure that the metrics on each pc are set for ethernet over wireless. Then, every time it's got an ethernet connection, it ignores the wireless.
I'm having a hard time seeing why that won't do the job...
Have you considered why people keep saying you don't need it, and nobody knows anything about that specific program?
Fraid I don't understand why you would even consider, that a function of windows (that works great) should be ignored, and you want to find some obsolete program to workaround what windows already has and works?
Seems to me that the program you posted about is a workaround to a something that works, but you don't want to use.... So that term is wrong... don't really know what to call it, since you can't have a workaround to something that already works! :)
Perhaps the reason you can't find any applications is that it's not necessary with Windoze 2000, XP, Vista, Linux, or OS/X? Using the IP "metric" to switch traffic between interfaces works just fine. Where it screws up is when you have two wireless cards or two ethernet cards with identical metric values (and possibly identical default gateways) in a computah. However, these can be fixed with manually set metric values.
No problem. So far, you have a freeware program that I couldn't find in the article search on Network World magazine, some manufacturer specific connection managers, and Cirond Airsafe Personal, which appears to be unavailable. With such a poor selection, deploying one of these on 1000 laptops is not a good idea.
Perhaps it would be helpful if you would disclose what problem you are trying to solve with this utility.
As I think I mentioned, the article in Network world wasn't about that application. It was about switched wireless networks in enterprise use. The freeware was just something I stumbled across while reading the sites mentioned. Not like me to not archive something like that immediately. FWIW, I don't think it was the Cirond thing.
At a medical facility patient privacy is required by law.
Wireless networks are not needed or deployed.
But a walk around audit of the building will detect literally dozens of wireless clients. It's impossible to find them. Could be staff, patients, vendors.
It's also impossible to find out whether the interface metrics are set correctly, at least in the time allotted.
What might be possible is to say "Doc, I am from IT. I need to look at your task manager for a moment".
As long as the ap is running we can assume it is doing it's job, which is a heck of a lot faster that comparing the metrics on the network interfaces of some busy radiologist's computer.
In all the world there has to be someone, somewhere who has archived that application.
I think you mean "wireless switches". These are a mess of dumb wireless access points, with all the brains in a rack mounted wireless switch box. It has the major advantage of central administration of everything. The major problem is that all such solutions tend to be very proprietary by vendor. There are also some implementations which are controversial (Meru versus Cisco) in their adherence to established standards. They have some major benefits in a hospital or corporate environment. I have a list of vendors (somewhere) if you want it. Perhaps they offer the utility.
Yeah, I've noticed that. Vendors are so unsure of their installations of encrypted tunnels and authentication mechanisms that they're proscribing wireless. I deal with several medical offices, a pharmacy, and several convalescent hospitals, that have totally independent wireless systems that never touch the protected LAN with the medical records. I get the thankless job of proving to the auditors that the two networks are completely independent.
I'm not an expert on HIPAA compliance, but I can assure you that the obstacle course setup by the typical IPSec VPN is sufficient to prevent both bridging and routing via the clients wireless connection. As long as the VPN shim is controlling the routing, no packets are going to go out via the wireless. It's also possible for a VPN client to detect additional network connections and disable the VPN tunnel until these additional connections are user disabled.
Duz "ap" mean "application" or "access point"? The application you're looking for will probably do what you want, but does not in itself guarantee that the wireless is disabled (unless imbedded in the VPN application). For example, the applications might turn off the wireless on initial startup, but there's nothing to prevent the user from turning it back on after starting the VPN client and tinkering with the routing table. This cross checking can get very complicated very quickly.
The best compromise I've seen is to setup user laptops with two (or more) user profiles on startup. Profile #1 is called "general computing" and has everything setup normally including wireless. However, the VPN client is setup to check the profile and not connect if running "general computing". Profile #2 is called "secure network" and disables everything except what's necessary to run the VPN and associated applications. Also, different user logins for each profile to avoid cross pollination. This isn't 100% totally HIPAA secure because a knowledgeable user can hack some of the settings and download the usual viruses and worms. Make sure your VPN gateway has a functional virus/worm scanner and IDS running. However, it's been a reasonably good compromise.
Incidentally, the system setup by one vendor (which I can't find) has the client checking the process table for a list of applications running when connected too the VPN. If there's an application that it doesn't know about, the client will not connect. I can see support problems with this approach, but it should work with user profiles, where the applications installed and running can be tightly controlled.
I'll keep looking, but I still think your approach and proposed solution is seriously lacking. Good luck.
Wireless Security: Ensuring Compliance with HIPAA, GLBA, SOX, DoD 8100.2 & Enterprise Policy
Argh. I had the utility sitting on my machine and forgot about it. Must be brain damage from too much RF. See NicSwitch at:
Is this the one? I haven't tried NicSwitch, but I've used Netswitcher for many years.
I still think you're doing this mostly wrong. The only thing you really have control over is the gateway and applications server. Trying to control, police, or sanitize the client is in my opinion a futile and impossible task, especially with 1000 machines of mixed lineage. If you insist on imposing some level of security on the client, the best you can probably do is a VPN client that makes sure that any other networks are automagically disconnected. However, that's not sufficient, so you'll probably need to treat every incoming connection as hostile until authorized and authenticated. Then, limit their access to the inside LAN to only those machines that they need to access. This would also be a great place for an IDS (intrusion detection system) to catch any worms, probes, and hostile applications coming from the client. If the client has been compromised by a trojan, the IDS should catch the unusual traffic.
As for wireless, ignoring it is also futile. Wireless is not going to disappear and connectivity is not going to remain restricted to ethernet. (Kinda reminds me of the bad old days when the mainframe clique tried to block PC's, and when corporate MIS tried to block Mac's). I suggest you at least become familiar with the operation, security issues and techniques involved in implementing secure wireless system. Be prepared for the inevitable day when it's demanded by your users.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.