Security Basics mailing list archives

RE: prohibiting visitors from connecting to network


From: "McKinley, Jackson" <Jackson.McKinley () team telstra com>
Date: Tue, 18 Oct 2005 09:12:43 +1000

Easiest way to do this is to just turn off the outlets, isn't it?

Jump on your edge switches and disable any port that isn't needed by an
employee.

I've never seen the point in trying to secure a DNS server in this manner;
all it takes is 2 min on Ethereal and you can have the DHCP scope and
just ping sweep for an unused IP.

-----Original Message-----
From: Cesar Diaz [mailto:cesadiz () yahoo com] 
Sent: Monday, 17 October 2005 8:23 AM
To: security-basics () securityfocus com
Subject: prohibiting visitors from connecting to network

List:

My company is looking for a way to prohibit visitors to our offices from
connecting a laptop to a network port and gaining access to our network.
We have policies in place prohibiting employees from allowing this, and
have network jacks in our conference rooms that are on a separate VLAN
that allows only access to the Internet.  We still have problems with
visitors connecting to the network.  In one case an infected laptop
started spreading a virus in the network.

Our network is W2K based and uses DHCP running on a W2K server.  We do
have some Unix and Linux boxes.

What I'm looking for is a way to secure DHCP so that only our
laptops/workstations can get a DHCP address. 
I was thinking of something like EAP used for remote access with
certificates to keep computers without a certificate from receiving an
IP address, but I can't find any information on implementing this.


Any ideas, resources or comments are welcome.

Thanks,

Cesar


