Security Basics mailing list archives
RE: prohibiting visitors from connecting to network
From: amitk () ingvysyabank com
Date: Wed, 19 Oct 2005 00:53:56 +0530
Hi Cesar, Port Security is the solution where you dont need any 802.1x authentication or certificates.... Port security helps you to prevent from VLAN Hopping, MAC spoofing, etc... For futher security, Give static IP address and allow that VLAN to go thru Proxy server to internet, so that you can get logs for that time-period..... Check AV definition, Scan the machine for Spyware before giving Internet access, etc.... Regards, Amit Kothari IT Security Monitoring Team _____ (iGATE Infrastructure Management Services | http://www.igate.com) -----Original Message----- From: Cesar Diaz [mailto:cesadiz () yahoo com] Sent: Monday, October 17, 2005 3:53 AM To: security-basics () securityfocus com Subject: prohibiting visitors from connecting to network List: My company is looking for a way to prohibit visitors to our offices from connecting a laptop to a network port and gaining access to our network. We have policies in place prohibiting employees from allowing this, and have network jacks in our conference roomsthat are on a seperate VLAN that allows only access to the Interent. We still have problems with visitors connecting to the network. In one case an infected laptop started spreading a virus in the network. Our network is W2K based and uses DHCP running on a W2K server. We do have some Unix and Linux boxes. What I'm looking for is a way to secure DHCP so that only our laptops/workstations can get a DHCP address. I was thinking of something like EAP used for remote access with certificates to keep computers without a certificate from receiving an IP address, but I can find any information on implementing this. Any ideas, resources or comments are welcome. Thanks, Cesar __________________________________ Yahoo! Music Unlimited Access over 1 million songs. Try it free. http://music.yahoo.com/unlimited/
Attachment:
InterScan_Disclaimer.txt
Description:
Current thread:
- Re: prohibiting visitors from connecting to network, (continued)
- Re: prohibiting visitors from connecting to network Terence Summers (Oct 25)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 26)
- Re: prohibiting visitors from connecting to network Fred Cohen (Oct 25)
- RE: prohibiting visitors from connecting to network McKinley, Jackson (Oct 18)
- Re: prohibiting visitors from connecting to network procengaz (Oct 18)
- Re: prohibiting visitors from connecting to network ponchowest (Oct 18)
- RE: prohibiting visitors from connecting to network Andrew Shore (Oct 18)
- Re: prohibiting visitors from connecting to network danny-wang (Oct 18)
- Re: RE: prohibiting visitors from connecting to network K_D_Youens (Oct 18)
- Re: prohibiting visitors from connecting to network Tony Stahler (Oct 18)
- RE: prohibiting visitors from connecting to network amitk (Oct 18)