RE: Physical Computer Location

["Jason Chung-Tung" <jason.chung-tung () excendis com>]

One more neat feature that Cisco (among other vendors) has implemented is
Port Security. You can (among other things) restrict use of the port based
on MAC address. This will require the user to notify you (the administrator)
of the move. You need to consider this carefully, as this cold turn out to
be an administrative nightmare if you do not have the resource to manage
this task in a very dynamic environment.

-----Original Message-----
From: John R. Morris [mailto:bishop () lycurgus nerdality com]
Sent: Monday, August 25, 2003 12:43 PM
To: Thomas Graf
Cc: security-basics () securityfocus com
Subject: Re: Physical Computer Location


These computers are on a network, so presumably they have network cards.
Keep a record of the MAC address, associated in a database with the
machine info (and who you gave it to, what network port it is plugged
into). Combined with a wiring diagram of your network ports, you can then
know where you plugged it in, and find it by querying your switches
when it moves on you. Cisco and other major switch vendors all have ways
to not only see what MAC address is plugged into what port, but also do
other neat things based on that, like dynamic VLAN assignment. You could
easily write a script the compares the "live" ports things are on with
their database ones, and e-mails you any changes.

- John
On Mon, 25 Aug 2003, Thomas Graf wrote:

> Hello everyone!
>
> I am a newbie trying to make some in-roads in the network security
> department.  I work at a hospital with approximately 1000 users but
> about 3000 computers.  We are currently rolling out new computers and
> are having problems after they are installed.  For example, we replace
> the secretary's computer but the doctor is fussing because he is not
> getting a new one.  So, he being the powerful doctor will swap the new
> one with his old one.  We then have the wrong location listed on the
> information database for that computer.  We try to correct the situation
> as much as we can but this being a huge hospital, it gets very hard.
> So, what can we do to keep track of any physical movements of the
> computer over the network?  Any suggestions are acceptable.  We just
> can't lock down the computers because of all the movements in
> departments because of construction.
>
> Thomas Graf
> IS Hardware/Software Tech
> (254)724-0155
>
> --------------------------------------------------------------------------
-
> Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
> October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
> technical IT security event.  Modeled after the famous Black Hat event in
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
> Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------