Security Basics mailing list archives
RE: prohibiting visitors from connecting to network
From: "Alexander Suhovey" <asuhovey () mtu-net ru>
Date: Thu, 20 Oct 2005 23:00:45 +0400
What I'm looking for is a way to secure DHCP so that only our laptops/workstations can get a DHCP address. I was thinking of something like EAP used for remote access with certificates to keep computers without a certificate from receiving an IP address, but I can find any information on implementing this.
For this you could try to implement DHCP Class ID as described in following article: http://techrepublic.com.com/5100-1035_11-5498436.html# This solution is quite simple but it has it's limitations. Obviously it will not prevent a knowledgeable user from configuring static IP for laptop and connecting to your network without talking to your DHCP. Or as another path (s)he could figure out class id from one of corporate computers if (s)he has physical access to one of them or possibly by sniffing network traffic for DHCP broadcast messages. You could have much better protection by using products like Cisco's Network Admission Control (NAC) [1] but this will require much more investments. [1] Cisco NAC. The Development of the Self-Defending Network http://www.cisco.com/warp/public/cc/so/neso/sqso/csdni_wp.htm -- Al
Current thread:
- prohibiting visitors from connecting to network Cesar Diaz (Oct 17)
- Re: prohibiting visitors from connecting to network Kelly Lucas (Oct 18)
- Re: prohibiting visitors from connecting to network xyberpix (Oct 18)
- Re: prohibiting visitors from connecting to network Kurt Buff (Oct 18)
- Re: prohibiting visitors from connecting to network Saqib Ali (Oct 18)
- Re: prohibiting visitors from connecting to network Nobody Special (Oct 18)
- RE: prohibiting visitors from connecting to network Murad Talukdar (Oct 18)
- Re: prohibiting visitors from connecting to network phunked up! (Oct 18)
- Re: prohibiting visitors from connecting to network Mark Leonard (Oct 18)
- RE: prohibiting visitors from connecting to network Alexander Suhovey (Oct 21)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 24)
- Re: prohibiting visitors from connecting to network Terence Summers (Oct 25)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 26)
- Re: prohibiting visitors from connecting to network Fred Cohen (Oct 25)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 24)
- Re: prohibiting visitors from connecting to network Kelly Lucas (Oct 18)
- <Possible follow-ups>
- RE: prohibiting visitors from connecting to network McKinley, Jackson (Oct 18)
- Re: prohibiting visitors from connecting to network procengaz (Oct 18)
- Re: prohibiting visitors from connecting to network ponchowest (Oct 18)
- RE: prohibiting visitors from connecting to network Andrew Shore (Oct 18)
- Re: prohibiting visitors from connecting to network danny-wang (Oct 18)
- Re: RE: prohibiting visitors from connecting to network K_D_Youens (Oct 18)