Security Basics mailing list archives
RE: prohibiting visitors from connecting to network
From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Tue, 18 Oct 2005 08:51:07 +0100
Step 1 would be to disable all unused ports on the switches. If you want to secure DHCP you're going to have to look at IP reservations and that's a lot of manual work. -----Original Message----- From: Cesar Diaz [mailto:cesadiz () yahoo com] Sent: 16 October 2005 23:23 To: security-basics () securityfocus com Subject: prohibiting visitors from connecting to network List: My company is looking for a way to prohibit visitors to our offices from connecting a laptop to a network port and gaining access to our network. We have policies in place prohibiting employees from allowing this, and have network jacks in our conference roomsthat are on a seperate VLAN that allows only access to the Interent. We still have problems with visitors connecting to the network. In one case an infected laptop started spreading a virus in the network. Our network is W2K based and uses DHCP running on a W2K server. We do have some Unix and Linux boxes. What I'm looking for is a way to secure DHCP so that only our laptops/workstations can get a DHCP address. I was thinking of something like EAP used for remote access with certificates to keep computers without a certificate from receiving an IP address, but I can find any information on implementing this. Any ideas, resources or comments are welcome. Thanks, Cesar __________________________________ Yahoo! Music Unlimited Access over 1 million songs. Try it free. http://music.yahoo.com/unlimited/
Attachment:
smime.p7s
Description:
Current thread:
- Re: prohibiting visitors from connecting to network, (continued)
- Re: prohibiting visitors from connecting to network phunked up! (Oct 18)
- Re: prohibiting visitors from connecting to network Mark Leonard (Oct 18)
- RE: prohibiting visitors from connecting to network Alexander Suhovey (Oct 21)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 24)
- Re: prohibiting visitors from connecting to network Terence Summers (Oct 25)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 26)
- Re: prohibiting visitors from connecting to network Fred Cohen (Oct 25)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 24)
- RE: prohibiting visitors from connecting to network McKinley, Jackson (Oct 18)
- Re: prohibiting visitors from connecting to network procengaz (Oct 18)
- Re: prohibiting visitors from connecting to network ponchowest (Oct 18)
- RE: prohibiting visitors from connecting to network Andrew Shore (Oct 18)
- Re: prohibiting visitors from connecting to network danny-wang (Oct 18)
- Re: RE: prohibiting visitors from connecting to network K_D_Youens (Oct 18)
- Re: prohibiting visitors from connecting to network Tony Stahler (Oct 18)
- RE: prohibiting visitors from connecting to network amitk (Oct 18)