Security Basics mailing list archives
RE: Physical Computer Location
From: "Jason Chung-Tung" <jason.chung-tung () excendis com>
Date: Tue, 26 Aug 2003 11:38:57 -0400
One more neat feature that Cisco (among other vendors) has implemented is Port Security. You can (among other things) restrict use of the port based on MAC address. This will require the user to notify you (the administrator) of the move. You need to consider this carefully, as this cold turn out to be an administrative nightmare if you do not have the resource to manage this task in a very dynamic environment. -----Original Message----- From: John R. Morris [mailto:bishop () lycurgus nerdality com] Sent: Monday, August 25, 2003 12:43 PM To: Thomas Graf Cc: security-basics () securityfocus com Subject: Re: Physical Computer Location These computers are on a network, so presumably they have network cards. Keep a record of the MAC address, associated in a database with the machine info (and who you gave it to, what network port it is plugged into). Combined with a wiring diagram of your network ports, you can then know where you plugged it in, and find it by querying your switches when it moves on you. Cisco and other major switch vendors all have ways to not only see what MAC address is plugged into what port, but also do other neat things based on that, like dynamic VLAN assignment. You could easily write a script the compares the "live" ports things are on with their database ones, and e-mails you any changes. - John On Mon, 25 Aug 2003, Thomas Graf wrote:
Hello everyone! I am a newbie trying to make some in-roads in the network security department. I work at a hospital with approximately 1000 users but about 3000 computers. We are currently rolling out new computers and are having problems after they are installed. For example, we replace the secretary's computer but the doctor is fussing because he is not getting a new one. So, he being the powerful doctor will swap the new one with his old one. We then have the wrong location listed on the information database for that computer. We try to correct the situation as much as we can but this being a huge hospital, it gets very hard. So, what can we do to keep track of any physical movements of the computer over the network? Any suggestions are acceptable. We just can't lock down the computers because of all the movements in departments because of construction. Thomas Graf IS Hardware/Software Tech (254)724-0155 --------------------------------------------------------------------------
-
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September
6.Visit us: www.blackhat.com
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Physical Computer Location Thomas Graf (Aug 25)
- Re: Physical Computer Location John R. Morris (Aug 26)
- RE: Physical Computer Location Jason Chung-Tung (Aug 26)
- RE: Physical Computer Location Zachary Mutrux (Aug 28)
- RE: Physical Computer Location Kevin Ashurst (Aug 26)
- Re: Physical Computer Location Pete Hunt (Aug 26)
- Re: Physical Computer Location Charley Hamilton (Aug 26)
- <Possible follow-ups>
- RE: Physical Computer Location Tim Donahue (Aug 26)
- RE: Physical Computer Location Christopher Black (Aug 28)
- RE: Physical Computer Location David Sommers (Aug 28)
- Re: Physical Computer Location John R. Morris (Aug 26)