Security Basics mailing list archives

RE: MAC level authentication or filtering


From: "Paris E. Stone" <pstone () alhurra com>
Date: Thu, 7 Oct 2004 18:21:48 -0400

Cisco / Foundry provide Port Security.

Cisco URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_4/config/sec_port.htm

Foundry URL:

http://www.foundrynet.com/services/documentation/security/MAC-port-security.html

Define the MAC address allowed to transmit, then define what to do if a
violation occurs.  Syslog errors and your syslog server will log the
violation.


New enhancements in XP allow EAP authentication, as well.  Basically the
Switch will allow the workstation to transmit "Authentication" packets
only and if successful, allow the port to fully activate.


~~~~~
Paris E. Stone, "Linux Zealot"
CISSP, CCNP, CNE, MCSE, CIW Master Administrator
~~~~~
"Not all who wander are lost."
J.R.R.T.

-----Original Message-----
From: David Nardoni [mailto:dnardoni () firstresponseconsulting com] 
Sent: Thursday, October 07, 2004 12:54 PM
To: security-basics () securityfocus com
Subject: MAC level authentication or filtering

I need a solution that will allow me to prevent a user from coming in to my
office and plugging in a laptop and gaining access to the network.

I have users that are currently using thin clients to connect to the main
server to do all their processing.  If a legitimate user turns bad and
decides to bring in a system (laptop) from home and connect it to the
network and proceed to use their proper username and password to gather
information from terminal services, I want to be able to recognize that they
have plugged in an unauthorized system and keep them from gaining access to
the network.

I welcome all ideas no matter what vendor solution or no matter how simple
or complex.  If you need more info on the situation let me know.


Dave Nardoni CISSP
First Response Consulting Services, Inc.
dnardoni () firstresponseconsulting com
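
Added example, not part of either message above: one way to pull port-security violations out of a syslog file so that an unauthorized MAC on a port can be spotted and counted. It assumes the Cisco IOS `%PORT_SECURITY-2-PSECURE_VIOLATION` message text (the CatOS and Foundry wording differs); the hostnames, ports and MAC addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from the original post). The message
# text follows the Cisco IOS %PORT_SECURITY-2-PSECURE_VIOLATION format, which
# is an assumption here; other platforms word the violation differently.
SAMPLE_LOG = """\
Oct  7 12:01:14 sw-floor2 1045: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/7.
Oct  7 12:01:14 sw-floor2 1046: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/7, putting Fa0/7 in err-disable state
Oct  7 12:03:40 sw-floor2 1047: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down
Oct  7 14:22:09 sw-floor3 2210: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00A0.C9FF.0102 on port FastEthernet0/12.
Oct  7 14:22:31 sw-floor3 2211: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00a0.c9ff.0102 on port FastEthernet0/12.
"""

# Timestamp, reporting switch, offending MAC (dotted notation) and port.
VIOLATION = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<switch>\S+)\s.*"
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*MAC address\s"
    r"(?P<mac>[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\s"
    r"on port\s(?P<port>[\w/]+?)\.?\s*$"
)

def normalize_mac(mac):
    """Convert dotted notation to lower-case colon-separated form."""
    digits = mac.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_violations(log_text):
    """Return {(switch, port): {mac: [timestamps]}} for each violation line."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = VIOLATION.match(line)
        if m:
            key = (m["switch"], m["port"])
            # Normalizing the MAC merges upper- and lower-case reports.
            hits[key][normalize_mac(m["mac"])].append(m["ts"])
    return {k: dict(v) for k, v in hits.items()}

if __name__ == "__main__":
    for (switch, port), macs in find_violations(SAMPLE_LOG).items():
        for mac, stamps in macs.items():
            print(f"{switch} {port}: {mac} seen {len(stamps)}x, first {stamps[0]}")
```
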
