Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: prohibiting visitors from connecting to network

From: Murad Talukdar <talukdar_m () subway com>
Date: Tue, 18 Oct 2005 15:32:15 +1000
Physically disconnecting jacks at the other end(switch/hub/patch panel) is a
good place to start--may not be practical if you have massive company or
lots of users who need to move around within the office with notebooks.
If you know you need access, hook it up.

Regards
Murad Talukdar

-----Original Message-----
From: Cesar Diaz [mailto:cesadiz () yahoo com] 
Sent: Monday, October 17, 2005 8:23 AM
To: security-basics () securityfocus com
Subject: prohibiting visitors from connecting to network

List:

My company is looking for a way to prohibit visitors
to our offices from connecting a laptop to a network
port and gaining access to our network.  We have
policies in place prohibiting employees from allowing
this, and have network jacks in our conference
roomsthat are on a seperate VLAN that allows only
access to the Interent.  We still have problems with
visitors connecting to the network.  In one case an
infected laptop started spreading a virus in the
network.

Our network is W2K based and uses DHCP running on a
W2K server.  We do have some Unix and Linux boxes.

What I'm looking for is a way to secure DHCP so that
only our laptops/workstations can get a DHCP address. 
I was thinking of something like EAP used for remote
access with certificates to keep computers without a
certificate from receiving an IP address, but I can
find any information on implementing this.


Any ideas, resources or comments are welcome.

Thanks,

Cesar


                
__________________________________ 
Yahoo! Music Unlimited 
Access over 1 million songs. Try it free.
http://music.yahoo.com/unlimited/
Previous By Date Next
Previous By Thread Next

Current thread: