Internet adapters on the shop floor

Yahoo Archive
1
Hi Jeff,

I have a few questions about this route, if you don't mind...

What model USB key are you using for this?
Does it cause problems with other wireless devices on the notebook?
Is it compatible with all OSs?
How does it supply the WEP key?


--- In vantage@yahoogroups.com, "maurojm" <jeff.mauro@...> wrote:
>
> I have been on vacation for the past week so I apologize for the
late
> response.
>
> I read all of the replies, but why not just secure the wireless
guest
> network? Provide a USB with the key on it for guests. They can
> surely appreciate the fact that you are trying to protect your
> network (and them) from users that shouldnt be there. That is what
I
> do here and it doesnt seem to be a problem wiht anyone.
>
> my 2 cents
> Jeff
>
>
>
>
>
> --- In vantage@yahoogroups.com, melissa hietala <kevmel822@> wrote:
> >
> > We have a situation that I can't seem to get a straight answer on
> internally and wanted to bounce off this group. Our shop floor pc's
> only have access to Vantage and some other software. No Internet
> capability through our security settings. However, it seems that
> someone is bringing in a 'usb Internet adapter' and plugging it in
to
> get to the internet through our guest wireless WAP. But the pc
itself
> does not show any internet activity or tracing that I can find.
Does
> using the adapter not trace the history of internet usage or
> something? We know that they can erase the Temp internet files and
> such, but is there a deeper area in the pc to trace the usage?
> >
> > Any help or direction would be greatly appreciated.
> >
> >
> >
> > Melissa Hietala
> > UMC, Inc.
> > melissah@
> >
> > ---------------------------------
> > Shape Yahoo! in your own image. Join our Network Research Panel
> today!
> >
> > [Non-text portions of this message have been removed]
> >
>
2
We have a situation that I can't seem to get a straight answer on internally and wanted to bounce off this group. Our shop floor pc's only have access to Vantage and some other software. No Internet capability through our security settings. However, it seems that someone is bringing in a 'usb Internet adapter' and plugging it in to get to the internet through our guest wireless WAP. But the pc itself does not show any internet activity or tracing that I can find. Does using the adapter not trace the history of internet usage or something? We know that they can erase the Temp internet files and such, but is there a deeper area in the pc to trace the usage?

Any help or direction would be greatly appreciated.



Melissa Hietala
UMC, Inc.
melissah@...

---------------------------------
Shape Yahoo! in your own image. Join our Network Research Panel today!

[Non-text portions of this message have been removed]
3
Not really.



If someone is smart enough to bring in a USB device then they are smart
enough to cover their tracks.

I am surprise that your IT person went through the steps to lock down to
a few apps but let the permission to install devices.



Our MES terminals are in complete lock down. They can't even change the
desktop background image.



Joe Rojas

Information Technology Manager

Symmetry Medical TNCO

15 Colebrook Blvd

Whitman MA 02382

781.447.6661 x7506



From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of melissa hietala
Sent: Friday, August 17, 2007 9:05 AM
To: Users Group
Subject: [Vantage] Internet adapters on the shop floor



We have a situation that I can't seem to get a straight answer on
internally and wanted to bounce off this group. Our shop floor pc's only
have access to Vantage and some other software. No Internet capability
through our security settings. However, it seems that someone is
bringing in a 'usb Internet adapter' and plugging it in to get to the
internet through our guest wireless WAP. But the pc itself does not show
any internet activity or tracing that I can find. Does using the adapter
not trace the history of internet usage or something? We know that they
can erase the Temp internet files and such, but is there a deeper area
in the pc to trace the usage?

Any help or direction would be greatly appreciated.


Melissa Hietala
UMC, Inc.
melissah@... <mailto:melissah%40ultramc.com>

---------------------------------
Shape Yahoo! in your own image. Join our Network Research Panel today!

[Non-text portions of this message have been removed]





[Non-text portions of this message have been removed]
4
Disable the WAP unless a guest is in house?
Enable logging on the WAP?

-----Original Message-----
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of melissa hietala
Sent: Friday, August 17, 2007 9:05 AM
To: Users Group
Subject: [Vantage] Internet adapters on the shop floor

We have a situation that I can't seem to get a straight answer on internally and wanted to bounce off this group. Our shop floor pc's only have access to Vantage and some other software. No Internet capability through our security settings. However, it seems that someone is bringing in a 'usb Internet adapter' and plugging it in to get to the internet through our guest wireless WAP. But the pc itself does not show any internet activity or tracing that I can find. Does using the adapter not trace the history of internet usage or something? We know that they can erase the Temp internet files and such, but is there a deeper area in the pc to trace the usage?

Any help or direction would be greatly appreciated.



Melissa Hietala
UMC, Inc.
melissah@...

---------------------------------
Shape Yahoo! in your own image. Join our Network Research Panel today!

[Non-text portions of this message have been removed]



Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and Crystal Reports and other 'goodies', please goto: http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto: http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto: http://groups.yahoo.com/group/vantage/links
Yahoo! Groups Links
5
> We know that they can erase the Temp internet files and such, but is
there a deeper area in the pc to
> trace the usage?

Disable USB if possible. Check the system for drivers that do not belong
and remove them. Provided the MES user account only has user and not
administrator credentials, they should not be able to install new
hardware.

If internet explorer is not required by any of your applications, remove
it or rename it so that it won't run.

To at least collect evidence, open up a couple of items in the browser
(even local sites) this will create a history. Then if the other person
tries browsing, they can't erase the history without changing what is
already there. Also check the system logs for any evidence of hardware
additions or removals.

Bottom line, the best way to secure a system on the floor is to put it
in a locked case.

Brian
6
Do you have a firewall at your internet border? Some have logging capability there that can track internet bytes by destination PC and at least point ot which it might be, even if via a WAP. Might take some configuring. The access point may also offer some traffic logging y IP address or MAC. Once the right PC is identified extra scrutiny can be applied. Or,,,inside the cases disconnect the external USB slots or even do this in hardware congfig.

On the other hand I've been considering switching our network from static IP to DHCP. You've just provided an argument for keeping our guest WAP static and manually giving visitors an address.
-Todd C.

________________________________
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of melissa hietala
Sent: Friday, August 17, 2007 8:05 AM
To: Users Group
Subject: [Vantage] Internet adapters on the shop floor


We have a situation that I can't seem to get a straight answer on internally and wanted to bounce off this group. Our shop floor pc's only have access to Vantage and some other software. No Internet capability through our security settings. However, it seems that someone is bringing in a 'usb Internet adapter' and plugging it in to get to the internet through our guest wireless WAP. But the pc itself does not show any internet activity or tracing that I can find. Does using the adapter not trace the history of internet usage or something? We know that they can erase the Temp internet files and such, but is there a deeper area in the pc to trace the usage?

Any help or direction would be greatly appreciated.


Melissa Hietala
UMC, Inc.
melissah@...<mailto:melissah%40ultramc.com>

---------------------------------
Shape Yahoo! in your own image. Join our Network Research Panel today!

[Non-text portions of this message have been removed]



________________________________
The information contained in this E-mail message and any documents which may be attached are privileged and confidential, and may be protected from disclosure.

Please be aware that any use, printing, copying, disclosure or dissemination of this communication may be subject to legal restriction or sanction. If you think you have received this message in error, please reply to the sender.

For more information please visit www.harveyvogel.com


[Non-text portions of this message have been removed]
7
How about loading some logging software like NetNanny or CyberSitter? It
will show any internet activity and not be able to be seen running on the
computer. It worked for us.

Todd Sarber
I.T. Manager
Accra-Fab, Inc.

-----Original Message-----
From: Bernie Walker [mailto:bwalker@...]
Sent: Friday, August 17, 2007 6:09 AM
To: 'vantage@yahoogroups.com'
Subject: RE: [Vantage] Internet adapters on the shop floor


Disable the WAP unless a guest is in house?
Enable logging on the WAP?

-----Original Message-----
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of
melissa hietala
Sent: Friday, August 17, 2007 9:05 AM
To: Users Group
Subject: [Vantage] Internet adapters on the shop floor

We have a situation that I can't seem to get a straight answer on internally
and wanted to bounce off this group. Our shop floor pc's only have access to
Vantage and some other software. No Internet capability through our security
settings. However, it seems that someone is bringing in a 'usb Internet
adapter' and plugging it in to get to the internet through our guest
wireless WAP. But the pc itself does not show any internet activity or
tracing that I can find. Does using the adapter not trace the history of
internet usage or something? We know that they can erase the Temp internet
files and such, but is there a deeper area in the pc to trace the usage?

Any help or direction would be greatly appreciated.



Melissa Hietala
UMC, Inc.
melissah@...

---------------------------------
Shape Yahoo! in your own image. Join our Network Research Panel today!

[Non-text portions of this message have been removed]



Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
Yahoo! Groups Links





Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
Yahoo! Groups Links




No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.11.19/953 - Release Date: 8/14/2007
5:19 PM


No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.11.19/953 - Release Date: 8/14/2007
5:19 PM
8
We too have guest WAP's but they're not wide open. Each WAP requires the
MAC address of the guest device to be added Local Mac Address List on
the WAP -- MAC Address Authenication. This way we know who's asking
permission plus we can keep track of their activity.

When necessary I've also deployed STARR - Stealth Tracking Activity
Recorder and Reporter a key logger that reports every mouse click and
key stroke from workstations with suspicious activity.

Another handy reporting tool is IAM - Internet Access Monitor. I use
this to automatically capture internet use from my web access.log and
send dept/user access reports to their departmental managers.

Good Luck!

Lee Ingalls
Commercial Tool & Die, Inc.

________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Todd Caughey
Sent: Friday, August 17, 2007 9:35 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Internet adapters on the shop floor



Do you have a firewall at your internet border? Some have logging
capability there that can track internet bytes by destination PC and at
least point ot which it might be, even if via a WAP. Might take some
configuring. The access point may also offer some traffic logging y IP
address or MAC. Once the right PC is identified extra scrutiny can be
applied. Or,,,inside the cases disconnect the external USB slots or even
do this in hardware congfig.

On the other hand I've been considering switching our network from
static IP to DHCP. You've just provided an argument for keeping our
guest WAP static and manually giving visitors an address.
-Todd C.

On Behalf Of melissa hietala
Sent: Friday, August 17, 2007 8:05 AM
To: Users Group
Subject: [Vantage] Internet adapters on the shop floor

We have a situation that I can't seem to get a straight answer on
internally and wanted to bounce off this group. Our shop floor pc's only
have access to Vantage and some other software. No Internet capability
through our security settings. However, it seems that someone is
bringing in a 'usb Internet adapter' and plugging it in to get to the
internet through our guest wireless WAP. But the pc itself does not show
any internet activity or tracing that I can find. Does using the adapter
not trace the history of internet usage or something? We know that they
can erase the Temp internet files and such, but is there a deeper area
in the pc to trace the usage?

Any help or direction would be greatly appreciated.

Melissa Hietala
UMC, Inc.
melissah@...
9
I have been on vacation for the past week so I apologize for the late
response.

I read all of the replies, but why not just secure the wireless guest
network? Provide a USB with the key on it for guests. They can
surely appreciate the fact that you are trying to protect your
network (and them) from users that shouldnt be there. That is what I
do here and it doesnt seem to be a problem wiht anyone.

my 2 cents
Jeff





--- In vantage@yahoogroups.com, melissa hietala <kevmel822@...> wrote:
>
> We have a situation that I can't seem to get a straight answer on
internally and wanted to bounce off this group. Our shop floor pc's
only have access to Vantage and some other software. No Internet
capability through our security settings. However, it seems that
someone is bringing in a 'usb Internet adapter' and plugging it in to
get to the internet through our guest wireless WAP. But the pc itself
does not show any internet activity or tracing that I can find. Does
using the adapter not trace the history of internet usage or
something? We know that they can erase the Temp internet files and
such, but is there a deeper area in the pc to trace the usage?
>
> Any help or direction would be greatly appreciated.
>
>
>
> Melissa Hietala
> UMC, Inc.
> melissah@...
>
> ---------------------------------
> Shape Yahoo! in your own image. Join our Network Research Panel
today!
>
> [Non-text portions of this message have been removed]
>
10
Good, solid, inventive suggestion! That virtually gets rid of one of
the vulnerabilities with WEP security.



Bruce Butler

IT Manager

Knappe & Koester, Inc.

_____

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of maurojm
Sent: Wednesday, August 22, 2007 10:27 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: Internet adapters on the shop floor



I have been on vacation for the past week so I apologize for the late
response.

I read all of the replies, but why not just secure the wireless guest
network? Provide a USB with the key on it for guests. They can
surely appreciate the fact that you are trying to protect your
network (and them) from users that shouldnt be there. That is what I
do here and it doesnt seem to be a problem wiht anyone.

my 2 cents
Jeff

--- In vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ,
melissa hietala <kevmel822@...> wrote:
>
> We have a situation that I can't seem to get a straight answer on
internally and wanted to bounce off this group. Our shop floor pc's
only have access to Vantage and some other software. No Internet
capability through our security settings. However, it seems that
someone is bringing in a 'usb Internet adapter' and plugging it in to
get to the internet through our guest wireless WAP. But the pc itself
does not show any internet activity or tracing that I can find. Does
using the adapter not trace the history of internet usage or
something? We know that they can erase the Temp internet files and
such, but is there a deeper area in the pc to trace the usage?
>
> Any help or direction would be greatly appreciated.
>
>
>
> Melissa Hietala
> UMC, Inc.
> melissah@...
>
> ---------------------------------
> Shape Yahoo! in your own image. Join our Network Research Panel
today!
>
> [Non-text portions of this message have been removed]
>





[Non-text portions of this message have been removed]
11
melissa hietala wrote:
> We have a situation that I can't seem to get a straight answer on internally and wanted to bounce off this group. Our shop floor pc's only have access to Vantage and some other software. No Internet capability through our security settings. However, it seems that someone is bringing in a 'usb Internet adapter' and plugging it in to get to the internet

Most web browsers other than I.E. (eg: Firefox) can be setup to run entirely from a single directory -- no mess of registry settings, system files, etc scattered all over (this is a Good Thing, actually.) The browser can then be configured to keep all its history, cache, temp files, etc in a directory of choice. It sounds like someone configured all this on a USB drive off site -- probably their home PC, and has simply carried it in, plugged it in and run it.

I Gooogled for: firefox usb boot privacy, and this looks to be a decent article on the topic:
http://www.pcstats.com/articleview.cfm?articleid=1676&page=1

First you need a company policy that says employees aren't allow to do that kind of garbage. Then actually lock down the PC and its operating system. You should be able to disable the USB ports and alternate boot devices in the bios. The configure Windows with very limited functionality. You can tweak system settings to disable explorer, disable removable drives, turn off the STart menu, Run box, etc. Basically restrict it to nothing other than Vantage and legit apps.

-Wayne