Fw: MAC level authentication or filtering

["GUs" <rootz () fibertel com ar>]

Cheap and easy, you can Turn on Dhcp Server  with MAC asociated to ip
addresses (in linux or windows server)
So, when one client plug his notebook into your network, his out.
But, this is the half part, you must to put some filter at IP level on the
server or in front, so you  filter those allowed ip addresses.
The idea is like a cablemodem network, if the MAC in your cablemodem isn't
in the database, you're out. (but Cmodem have a dhcp client, and no chance
to turn off)
More ideas?
Saludos Brother.
GUs.T.
Sys Admin

> ----- Original Message ----- 
> From: "David Nardoni" <dnardoni () firstresponseconsulting com>
> To: <security-basics () securityfocus com>
> Sent: Thursday, October 07, 2004 1:53 PM
> Subject: MAC level authentication or filtering
>
>
> > I need a solution that will allow me to prevent a user from coming in to
> my
> > office and plugging in a laptop and gaining access to the network.
> >
> > I have users that are currently using thin clients to connect to the
main
> > server to do all their processing.  If a legitimate user turns bad and
> > decides to bring in a system (laptop) from home and connect it to the
> > network and proceed to use their proper username and password to gather
> > information from terminal services, I want to be able to recognize that
> they
> > have plugged in an unauthorized system and keep them from gaining access
> to
> > the network.
> >
> > I welcome all ideas no matter what vendor solution or no matter how
simple
> > or complex.  If you need more info on the situation let me know.
> >
> >
> > Dave Nardoni CISSP
> > First Response Consulting Services, Inc.
> > dnardoni () firstresponseconsulting com