Opinions On Giving Employees WIFI Access For Their Cell Phones

By Cudmasters Los ·
Curious on pros and cons on allowing an employee to use the business WIFI network for internet access with their cell phones.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

You mean using your WLAN with their personal device?

by robo_dev In reply to Opinions On Giving Employ ...

If so, that's a bad idea.

-risk of malware
-risk to servers/workstations on your LAN
-risk that users access inappropriate content

Collapse -

Edited Question

by Cudmasters Los In reply to You mean using your WLAN ...

Man did i leave a few important details out there, sorry, please reread question. I edited it, thanks

Collapse -

it's the same cons that Robo dev mentions

by CG IT In reply to Opinions On Giving Employ ...

malware from their phones.

potential breach of the network from their phone.

Most companies allow employees to use their personal cell phones the business network where sensitive or business critical data are not accessible on that network segment.

Collapse -


by Cudmasters Los In reply to it's the same cons that R ...

are there any articles that i can provide to employer, that doesn't understand and needs to get a better understanding?

Collapse -

might look for past articles on Infoworld, Network World

by CG IT In reply to Articles

or computer world with keywords employee owned equipment.

it's really the same issue as allowing an employee to use their personal PC on the company network.

The company is responsible for employee activity using company equipment. This includes their computer network and internet access. The companies legal department can give the owners their liability responsibility.

Collapse -

while not strickly cell phones, here's the horror story about clouds

by CG IT In reply to might look for past artic ...

from Network World.

so you could envision an employee just uploading all that sensitive info into the cloud. Heck take pictures, upload em....

here's another article from network world.

The BYO PC/Phone/Tablet/Netbook/IPad/Iphone/Smart phone security debate has been going on for a while with many articles for the practice [costs lots less if companies didn't have to buy equipment] and against [employee owned equipment brings in viruses/malware to the corporate network Network Access Protection software has seen a large increase in interest because of this.

Collapse -

Consider this:

by robo_dev In reply to Articles

At my employer, they accidentally left a WLAN open for short time.

I picked it up on my iPhone whilst on the treadmill in the exercise facility.

While jogging, I downloaded a network discovery app for the iphone and quickly mapped out all the PCs and other devices on the network, with their device names, open ports, and so forth. (of course, downloading this app over the nice fast wifi connection).

Next, I pointed my web browser to the IP address of the gateway router. Bingo..default password was set. From there I listed and printed the ARP table and Logs of the router, showing every host name who had connected since prior reboot. I recognized many names (e.g. "Tom's iphone") and observed the naming convention used for devices.

I was able to view the userid used for DSL router login, confirming who owned the device (the company name was part of it).

Next, I noted the PC with port 3389 open (woo hoo). I launched my Mocha RDP lite app and bingo, get a remote-desktop login screen for a the PC. No easy to guess passwords were available, not that I spent a long time at it.

If my iPhone were jailbroken, there's probably a 'TSgrinder' type of app to hack into terminal server, but I digress....

Also, if my phone were jailbroken, a sniffer application would show all sorts of cool stuff, like ALL traffic of ALL users. Remember that a WiFi network is a mac-layer bridge, so a sniffer sees everything that's not encrypted. For some reason Apple does not allow packet-capture apps in the app store :)

I was also able to establish a SSH session to the WLAN access point connected to the DSL router, but it was not set to factory default.

Note that my job is to find stuff like this, so my findings were written up as nice pretty security incident, and not subject to prosecution. Using a iPhone screen-capture app, I was able to grab all the screens, hostnames, IP addresses, who was connected, etc.

Collapse -

Great Insight

by Cudmasters Los In reply to Consider this:

Thanks for the tips. What if it is a company cell phone

Collapse -

Then the company owns the Cell Phone

by OH Smeg Moderator In reply to Great Insight

And should be controlling what is on it and what it is used for.

If the user then installs anything to the phone it would be a case of Immediate Dismissal.

Also if they where to access any sites that fall onto the Blocked List things like Kiddy Porn, Sites on how to make Bombs and the like then the company would be libel and within their rights to dismiss that person immediately as well as passing on that information to the Authorities for their action as required.


Collapse -

A company cell phone, if properly secured, is different

by robo_dev In reply to Great Insight

In the case of a Blackberry, for example, it's not possible for employees to install apps on them, as they can be locked down by policy. Right there that reduces risk by about 90%.

The same phones can be forced to use encrpytion, can be configured to only use the BES (blackberry enterprise server) for Internet access, and can be remotely bricked/wiped in case of loss/theft.

I know Apple has some of those things for enterprise iphone users,

Not sure about other mainstream phones...have not looked into it.

Related Discussions

Related Forums