Re: [WIRELESS-LAN] Detecting Stolen Laptops...
We put CompuTrace on all our college-owned laptops, and Campus Police had direct access to the admin portal for it. When something is stolen, they don't even need our involvement.

BTW, I'm assuming a stolen laptop won't be put back on OUR network, but eventually it may hit someone else's. As soon as it goes online anywhere, the red flag pops.

I honestly don't know if we've ever had one stolen, and then if so if CompuTrace helped recover it. Someone else here manages that software (but I can ask if you're really curious).

On Tue, 9 Dec 2008, Hector J Rios wrote:

Date: Tue, 9 Dec 2008 23:05:54 -0600
From: Hector J Rios [EMAIL PROTECTED]
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Detecting Stolen Laptops...

Once in a while we get calls from the university police department asking us to search for stolen laptops. We use the stolen laptop's MAC address to search in both DHCP and WCS (we are a Cisco shop). We've never been successful in recovering a stolen laptop. So far the thieves have been smart enough not to ever bring those laptops back into our campus.

I'm curious to know if any of you have come up with a way to automate the detection of a wireless device. Something like waiting for a laptop's MAC to come on the wireless network and immediately sending an email to an operator.

Thanks,
Hector Rios
Louisiana State University

** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

-Tim
---
Tim Cantin, Senior Network Engineer
Wellesley College, IS / Technology Infrastructure
223 Simpson Hall East, 106 Central Street
Wellesley, Massachusetts 02481-8203
http://www.wellesley.edu/~tcantin/
phone: (781)283-3520 fax: (781)283-3682
RE: [WIRELESS-LAN] Detecting Stolen Laptops...
I'm guessing there are a number of us who would like to hear more about how the Computrace worked out for you if you don't mind following up.

Pete M.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Tim Cantin
Sent: Wednesday, December 10, 2008 7:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Detecting Stolen Laptops...

We put CompuTrace on all our college-owned laptops, and Campus Police had direct access to the admin portal for it. When something is stolen, they don't even need our involvement.

BTW, I'm assuming a stolen laptop won't be put back on OUR network, but eventually it may hit someone else's. As soon as it goes online anywhere, the red flag pops.

I honestly don't know if we've ever had one stolen, and then if so if CompuTrace helped recover it. Someone else here manages that software (but I can ask if you're really curious).

On Tue, 9 Dec 2008, Hector J Rios wrote:

Date: Tue, 9 Dec 2008 23:05:54 -0600
From: Hector J Rios [EMAIL PROTECTED]
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Detecting Stolen Laptops...

Once in a while we get calls from the university police department asking us to search for stolen laptops. We use the stolen laptop's MAC address to search in both DHCP and WCS (we are a Cisco shop). We've never been successful in recovering a stolen laptop. So far the thieves have been smart enough not to ever bring those laptops back into our campus.

I'm curious to know if any of you have come up with a way to automate the detection of a wireless device. Something like waiting for a laptop's MAC to come on the wireless network and immediately sending an email to an operator.

Thanks,
Hector Rios
Louisiana State University

-Tim
---
Tim Cantin, Senior Network Engineer
Wellesley College, IS / Technology Infrastructure
223 Simpson Hall East, 106 Central Street
Wellesley, Massachusetts 02481-8203
http://www.wellesley.edu/~tcantin/
phone: (781)283-3520 fax: (781)283-3682
Re: [WIRELESS-LAN] Detecting Stolen Laptops...
Hector J Rios wrote:

Once in a while we get calls from the university police department asking us to search for stolen laptops. We use the stolen laptop’s MAC address to search in both DHCP and WCS (we are a Cisco shop). We’ve never been successful in recovering a stolen laptop. So far the thieves have been smart enough not to ever bring those laptops back into our campus.

I’m curious to know if any of you have come up with a way to automate the detection of a wireless device. Something like waiting for a laptop’s MAC to come on the wireless network and immediately sending an email to an operator.

Thanks,
Hector Rios
Louisiana State University

At Michigan Tech. we use the AirWave Management Platform to manage our WiFi network. We work with a campus IT security officer and Public Safety to try to identify and collect the MAC on stolen devices. We have put a trigger in AMP that will send an email to the security folks on association of a stolen MAC address. I don't recall any finds, but we have the system in place to catch them.

--
Shane Allan Godmere
Senior Telecommunications Engineer II
Michigan Technological University
1400 Townsend Dr. EERC-B30
Houghton, MI 49931
Re: [WIRELESS-LAN] Detecting Stolen Laptops...
We do more or less the same thing. Since you have to either register your laptop and the registration logs the MAC, or you're using WPA and the MAC gets logged via radius, finding this information tends to be fairly easy even if the user doesn't remember it themselves.

We do have a script which, I believe (someone else wrote it), searches the ARP caches every so many minutes and tries to automatically walk our equipment path to a leaf port when it finds a MAC in the watch list. That way we get paged with both an alert that the MAC is online, and where it is. The same system works for both wired and wireless.

We've actually had a reasonable rate of success, with a number of recovered laptops. That being said, the current university purchasing guidelines mandate a BIOS based tracking system on all new laptops (but that won't affect students, which the majority of our cases is.)

It helps to have a good working relationship with the university police, where the detectives know who in the IT department can help them, what they can do, and the IT people can call the detectives directly to let them know when the pages come in, and both sides have either a formal or informal procedure.

--
Toivo Voll
Network Administrator
Information Technology Communications
University of South Florida
(Not speaking for the university)
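The watch-list check several posters in this thread describe (harvest MAC sightings from switches and wireless controllers, compare them with a list of stolen MACs, and alert with the location), as an added example that is not any poster's or site's actual script. The device names, ports, e-mail addresses and MAC addresses (taken from the documentation range) are constructed, and the sightings stand in for whatever a site's own harvesting produces.

```python
import re
from email.message import EmailMessage

# Constructed watch list (documentation-range MACs), in mixed notations.
WATCH_ENTRIES = [("00:00:5E:00:53:0A", "constructed case A"),
                 ("0000.5e00.53b2", "constructed case B")]
# Constructed sightings per poll: (time, device, port or AP, MAC as printed).
POLL_1 = [("09:00", "edge-sw-12", "Gi1/0/7", "0000.5e00.5311"),
          ("09:00", "wlc-1", "AP library-2f", "00-00-5e-00-53-0a"),
          ("09:00", "edge-sw-12", "Gi1/0/9", "Incomplete")]
POLL_2 = [("09:05", "wlc-1", "AP library-2f", "00:00:5E:00:53:0A"),
          ("09:05", "edge-sw-03", "Fa0/14", "00:00:5e:00:53:b2")]

def normalize_mac(raw):
    """Return 12 lowercase hex digits for colon, hyphen or Cisco dotted
    notation, or None when the field is not a MAC address."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def load_watch_list(entries):
    """Map normalized MAC -> case note; a malformed entry is an error,
    because a typo here means a silent miss later."""
    watch = {}
    for raw, note in entries:
        mac = normalize_mac(raw)
        if mac is None:
            raise ValueError(f"bad MAC in watch list: {raw!r}")
        watch[mac] = note
    return watch

def find_hits(watch, sightings, alerted):
    """Return new sightings of watched MACs. `alerted` remembers
    (mac, device, port), so repeated polls do not re-page the operator
    but a move to another port or AP does."""
    hits = []
    for seen_at, device, port, raw_mac in sightings:
        mac = normalize_mac(raw_mac)
        key = (mac, device, port)
        if mac in watch and key not in alerted:
            alerted.add(key)
            hits.append({"mac": mac, "note": watch[mac], "device": device,
                         "port": port, "seen_at": seen_at})
    return hits

def build_alert(hit, sender, recipient):
    """Compose (not send) the operator e-mail for one hit."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = (f"Watched MAC {hit['mac']} seen on "
                      f"{hit['device']} {hit['port']}")
    msg.set_content(f"{hit['note']}: first seen {hit['seen_at']} on "
                    f"{hit['device']} {hit['port']}.")
    return msg

if __name__ == "__main__":
    watch, alerted = load_watch_list(WATCH_ENTRIES), set()
    for poll in (POLL_1, POLL_2):
        for hit in find_hits(watch, poll, alerted):
            print(build_alert(hit, "netops@example.edu", "security@example.edu"))
```

Normalizing both the watch list and the harvested values matters because switches, controllers and DHCP logs print the same address in different notations.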
Any problems with Intel 5100s on Cisco lightweight APs using N?
Hello All,

We've encountered an odd problem with some new Lenovo R400 laptops using Intel 5100 wireless (with latest drivers) and our Cisco wireless network. If one of these clients connects to an 802.11n or WMM-enabled SSID, and a large file transfer is started, traffic stops passing for (about) 5 to 40 seconds periodically.

We've been working on this issue with Cisco, trying different settings and WLC versions (using 5.1.151.0 in production and 5.2.157.0 in testing), but no root cause yet. I was wondering if anyone else was seeing the same, or successfully using 5100s under this type of environment.

Many thanks,
Brady Alleman
RE: [WIRELESS-LAN] Detecting Stolen Laptops...
Going back to fat APs and WLSE (Cisco manager), I have been asking that this be made a feature in central management. As a WCS user right now, it seems very natural to want to say alert me when this MAC address hits the WLAN whether it be for stolen laptops or other targeted investigative/monitoring needs. The data is being collected anyway, seems like a short leap to be able to key and alarm on it. (Easy for me to say, as someone who admittedly couldn't program his way out of the men's room.)

Lee

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Todd M. Hall
Sent: Wednesday, December 10, 2008 11:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Detecting Stolen Laptops...

We have home grown scripts that harvest all mac addresses from our cisco edge switches and cisco wireless controllers. We store these mac addresses in a database along with what device (and port/radio) they were connected to. With this data, it was easy for us to write a script to take a list of stolen mac addresses and query the database. If any mac address shows back up on our network we are alerted by email.

On Tue, 9 Dec 2008, Hector J Rios wrote:

Date: Tue, 09 Dec 2008 23:05:54 -0600
From: Hector J Rios [EMAIL PROTECTED]
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Detecting Stolen Laptops...

Once in a while we get calls from the university police department asking us to search for stolen laptops. We use the stolen laptop's MAC address to search in both DHCP and WCS (we are a Cisco shop). We've never been successful in recovering a stolen laptop. So far the thieves have been smart enough not to ever bring those laptops back into our campus.

I'm curious to know if any of you have come up with a way to automate the detection of a wireless device. Something like waiting for a laptop's MAC to come on the wireless network and immediately sending an email to an operator.

Thanks,
Hector Rios
Louisiana State University

--
Todd M. Hall
Sr. Network Analyst
Information Technology Infrastructure
Mississippi State University
[EMAIL PROTECTED]
662-325-9311 (phone)
RE: [WIRELESS-LAN] Detecting Stolen Laptops...
We are an all Cisco shop but use Bradford Campus Manager as our NAC solution. When we get a report from University Policy we add the client records to a Stolen Devices group. When the device is reconnected we receive an email. We then either report the room # that the switch port is connected to, or we look in WCS to see what AP the client is on. We have so far recovered 3 or 4 this way.

--Joe

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman
Sent: Wednesday, December 10, 2008 1:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Detecting Stolen Laptops...

Going back to fat APs and WLSE (Cisco manager), I have been asking that this be made a feature in central management. As a WCS user right now, it seems very natural to want to say alert me when this MAC address hits the WLAN whether it be for stolen laptops or other targeted investigative/monitoring needs. The data is being collected anyway, seems like a short leap to be able to key and alarm on it. (Easy for me to say, as someone who admittedly couldn't program his way out of the men's room.)

Lee

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Todd M. Hall
Sent: Wednesday, December 10, 2008 11:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Detecting Stolen Laptops...

We have home grown scripts that harvest all mac addresses from our cisco edge switches and cisco wireless controllers. We store these mac addresses in a database along with what device (and port/radio) they were connected to. With this data, it was easy for us to write a script to take a list of stolen mac addresses and query the database. If any mac address shows back up on our network we are alerted by email.

On Tue, 9 Dec 2008, Hector J Rios wrote:

Date: Tue, 09 Dec 2008 23:05:54 -0600
From: Hector J Rios [EMAIL PROTECTED]
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Detecting Stolen Laptops...

Once in a while we get calls from the university police department asking us to search for stolen laptops. We use the stolen laptop's MAC address to search in both DHCP and WCS (we are a Cisco shop). We've never been successful in recovering a stolen laptop. So far the thieves have been smart enough not to ever bring those laptops back into our campus.

I'm curious to know if any of you have come up with a way to automate the detection of a wireless device. Something like waiting for a laptop's MAC to come on the wireless network and immediately sending an email to an operator.

Thanks,
Hector Rios
Louisiana State University

--
Todd M. Hall
Sr. Network Analyst
Information Technology Infrastructure
Mississippi State University
[EMAIL PROTECTED]
662-325-9311 (phone)
Wireless Design for Arenas
Scenario: RF Design for an Arena area. We can easily design for the known devices we are anticipating will connect to the Wi-Fi.

Challenge: How are others restricting connectivity to the Wi-Fi for those devices (e.g. Dual mode cell phones and other Wi-Fi enabled personal devices) that do not have a business need for connecting to the Enterprise wireless network? This number is only expected to grow exponentially in the near future. We are certain no one wants to provide IP addresses for all these devices and accept any potential security risks.

Essentially how are you preventing these devices from obtaining IP addresses and associating to the wireless network? This will also create a degradation of service to those that do have a business need during sporting events. We can see the potential number of devices exceeding the APs load threshold very quickly.

John V. Duran
Network Engineer
University of New Mexico
Information Technology Services
Ph: (505) 249-7890
Fax: (505) 277-8101
Re: [WIRELESS-LAN] Wireless Design for Arenas
802.1x or MAC filtering, or both... In a previous life I supported wireless for a large manufacturer with myriad dumb devices (that is, devices that couldn't do 802.1x) so we did a mix: an SSID that did MAC filtering for DUMB devices and an SSID for 802.1x

On 12/10/08 3:30 PM, John Duran [EMAIL PROTECTED] wrote:

Scenario: RF Design for an Arena area. We can easily design for the known devices we are anticipating will connect to the Wi-Fi.

Challenge: How are others restricting connectivity to the Wi-Fi for those devices (e.g. Dual mode cell phones and other Wi-Fi enabled personal devices) that do not have a business need for connecting to the Enterprise wireless network? This number is only expected to grow exponentially in the near future. We are certain no one wants to provide IP addresses for all these devices and accept any potential security risks.

Essentially how are you preventing these devices from obtaining IP addresses and associating to the wireless network? This will also create a degradation of service to those that do have a business need during sporting events. We can see the potential number of devices exceeding the APs load threshold very quickly.

John V. Duran
Network Engineer
University of New Mexico
Information Technology Services
Ph: (505) 249-7890
Fax: (505) 277-8101
Re: [WIRELESS-LAN] Detecting Stolen Laptops...
Hector J Rios wrote:

Once in a while we get calls from the university police department asking us to search for stolen laptops. We use the stolen laptop’s MAC address to search in both DHCP and WCS (we are a Cisco shop). We’ve never been successful in recovering a stolen laptop. So far the thieves have been smart enough not to ever bring those laptops back into our campus.

I’m curious to know if any of you have come up with a way to automate the detection of a wireless device. Something like waiting for a laptop’s MAC to come on the wireless network and immediately sending an email to an operator.

Ours is a somewhat lower-tech approach than some listed here. We enter the MACs into dhcp to receive special addresses. Then What's Up pages me when those addresses show up again. Then I can go and start walking the system for locations.

We've successfully retrieved a couple, but the majority of laptops that go walkies never reappear on our network. Once in a while we see one show up for a couple of minutes only and vanish again; typically around our AP's that are visible from downtown restaurants. I've never had those on the air long enough to send Security over to have a look, unfortunately.

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College
Mudd Library, x.56930
-- CIT will NEVER ask you for your password!
www.calfrye.com, www.pitalabs.com
Accomplishments have no color. --Leontyne Price.