Security Basics mailing list archives
RE: prohibiting visitors from connecting to network
From: "McKinley, Jackson" <Jackson.McKinley () team telstra com>
Date: Tue, 18 Oct 2005 09:12:43 +1000
Easyest way to do this is to just turn off the outlets isnt it? Jump on your edge switchs and disable any port that isnt needed by an employee. Ive never seen the point in trying to secure a DNS server in this manner all it takes is 2min on ethereal and you can have the DHCP scope and just ping sweep for an unused IP.. -----Original Message----- From: Cesar Diaz [mailto:cesadiz () yahoo com] Sent: Monday, 17 October 2005 8:23 AM To: security-basics () securityfocus com Subject: prohibiting visitors from connecting to network List: My company is looking for a way to prohibit visitors to our offices from connecting a laptop to a network port and gaining access to our network. We have policies in place prohibiting employees from allowing this, and have network jacks in our conference roomsthat are on a seperate VLAN that allows only access to the Interent. We still have problems with visitors connecting to the network. In one case an infected laptop started spreading a virus in the network. Our network is W2K based and uses DHCP running on a W2K server. We do have some Unix and Linux boxes. What I'm looking for is a way to secure DHCP so that only our laptops/workstations can get a DHCP address. I was thinking of something like EAP used for remote access with certificates to keep computers without a certificate from receiving an IP address, but I can find any information on implementing this. Any ideas, resources or comments are welcome. Thanks, Cesar __________________________________ Yahoo! Music Unlimited Access over 1 million songs. Try it free. http://music.yahoo.com/unlimited/
Current thread:
- Re: prohibiting visitors from connecting to network, (continued)
- Re: prohibiting visitors from connecting to network Saqib Ali (Oct 18)
- Re: prohibiting visitors from connecting to network Nobody Special (Oct 18)
- RE: prohibiting visitors from connecting to network Murad Talukdar (Oct 18)
- Re: prohibiting visitors from connecting to network phunked up! (Oct 18)
- Re: prohibiting visitors from connecting to network Mark Leonard (Oct 18)
- RE: prohibiting visitors from connecting to network Alexander Suhovey (Oct 21)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 24)
- Re: prohibiting visitors from connecting to network Terence Summers (Oct 25)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 26)
- Re: prohibiting visitors from connecting to network Fred Cohen (Oct 25)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 24)
- RE: prohibiting visitors from connecting to network McKinley, Jackson (Oct 18)
- Re: prohibiting visitors from connecting to network procengaz (Oct 18)
- Re: prohibiting visitors from connecting to network ponchowest (Oct 18)
- RE: prohibiting visitors from connecting to network Andrew Shore (Oct 18)
- Re: prohibiting visitors from connecting to network danny-wang (Oct 18)
- Re: RE: prohibiting visitors from connecting to network K_D_Youens (Oct 18)
- Re: prohibiting visitors from connecting to network Tony Stahler (Oct 18)
- RE: prohibiting visitors from connecting to network amitk (Oct 18)