2

In short, we have 7 mobile Casio scanners that seem to be incapable of holding their Wi-Fi passwords; they sometimes lose them for no apparent reason.

We, of course, cannot give out the wireless password, as this would be giving out access to our LAN, since a Wi-Fi password soon makes its way around the business.

It's causing a headache for me and our IT as we have to input these passwords on a day to day basis and sometimes business is halted as we are out of the office.

I thought about creating separate SSIDs on our APs for 'SCANNERS'. From here I was going to give out the password but ensure that MAC address filtering was turned on to allow only the scanners' MACs through.

I've since read that this is almost pointless, as with a simple packet sniff of the wireless you can see MAC addresses in the wireless handshake in plain text. From there you can spoof your device into using that MAC address and boom, they would be able to get into the network.

Not a good business choice in my eyes.

Any ideas from anyone would be HUGELY appreciated!!

Thanks,

Matt.

Network Technician.

2 Answers

1

You could do the MAC filtering but also separate the LAN into a dedicated VLAN, so that if someone connects to it, they won't be able to browse network shares. This kind of functionality is on every normal enterprise switch. Apart from separating it into a dedicated VLAN, you would need to filter out all traffic except for only what is required by the scanners. This kind of functionality is also in almost every managed enterprise switch. You could also do it on the router/firewall if you have one. This way, if someone bypasses your MAC filtering, he won't be able to browse the local LAN, connect to the internet, or do anything else except for what the scanners do, which is very low impact IMO.

Aria
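
Added example (not part of the answer above, and not the answerer's configuration): one way to express the "dedicated VLAN plus allow only what the scanners need" filtering, assuming a Linux router running nftables sits between the scanner VLAN and the LAN. The interface name, subnet, server address and database port are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Constructed example values: replace with your own interface, subnet and server.
define SCANNER_IF  = "vlan50"        # assumed VLAN sub-interface behind the scanner SSID
define SCANNER_NET = 10.50.0.0/24    # assumed scanner subnet
define SQL_SERVER  = 192.0.2.10      # placeholder address of the SQL database host
define SQL_PORT    = 1433            # assumed port; use the port your database listens on

table inet scanner_segment {
    chain forward {
        # Policy stays "accept" so this table only affects the scanner VLAN;
        # the explicit drops below make that segment default-deny.
        type filter hook forward priority 0; policy accept;

        # Scanner VLAN -> SQL server on the database port only.
        # Source addresses outside the scanner subnet do not match and are dropped.
        iifname $SCANNER_IF ip saddr $SCANNER_NET ip daddr $SQL_SERVER tcp dport $SQL_PORT accept

        # Anything else entering from the scanner VLAN (shares, internet,
        # other LAN hosts) is counted, logged and dropped.
        iifname $SCANNER_IF counter log prefix "scanner-vlan-drop: " drop

        # Towards the scanner VLAN: replies to allowed connections only.
        oifname $SCANNER_IF ct state established,related accept
        oifname $SCANNER_IF counter drop
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Traffic addressed to the router itself from the scanner VLAN:
        # DHCP requests only (assumes the scanners get addresses via DHCP).
        iifname $SCANNER_IF udp dport 67 accept
        iifname $SCANNER_IF counter log prefix "scanner-vlan-input-drop: " drop
    }
}
```

With these rules a device that joins the scanner SSID with a spoofed MAC address reaches the same single host and port as a real scanner and nothing else, and every other attempt shows up in the log under the `scanner-vlan-drop` prefix.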
1

So there is a lot to unpack here.

1: -why do they lose their configs?!!- Root cause this first. Call Casio. Demand a refund. Etc.

2: Set up a separate Wi-Fi network on your AP. You should do this anyway. If these are production tools they should not share a network with "guests". Very dangerous. Depending on what these scanners do you might be in SOX/PCI/HIPAA breach.

3: I'm assuming what you mean above is "create a separate network "scanners" and give the password to the workers using them". This is not a bad idea. MAC filtering doesn't hurt (you lock your car doors, right? Doesn't stop a pro). That is a segmented network. If someone breaches that, it does not mean they get onto your critical networks... unless you made the password the same.

4: Set up a new network. Buy a second, cheap line from an ISP. Buy a cheap router. Create a new SSID. Make the network "open" and the SSID "hidden" (yeah, it's not really, but see car doors thing above) and go for it.

Also, see #1, most important. Good luck!

bashCypher
  • Appreciate the response. 1. We have contacted Casio... no response yet!! 2. Well, the scanners, in short, are used to track parts throughout our factory; for example, a pallet will be scanned to its corresponding racking barcode and this is stored on our SQL database, hence the need to be on our LAN. No guests are on this; the only other devices on the wireless are some work phones and work tablets. Thanks again :) – Matty Dilkes Feb 08 '18 at 08:22