RE: prohibiting visitors from connecting to network

["Andrew Shore" <andrew.shore () holistecs com>]

Step 1 would be to disable all unused ports on the switches.

If you want to secure DHCP you're going to have to look at IP reservations
and that's a lot of manual work.

-----Original Message-----
From: Cesar Diaz [mailto:cesadiz () yahoo com] 
Sent: 16 October 2005 23:23
To: security-basics () securityfocus com
Subject: prohibiting visitors from connecting to network

List:

My company is looking for a way to prohibit visitors
to our offices from connecting a laptop to a network
port and gaining access to our network.  We have
policies in place prohibiting employees from allowing
this, and have network jacks in our conference
roomsthat are on a seperate VLAN that allows only
access to the Interent.  We still have problems with
visitors connecting to the network.  In one case an
infected laptop started spreading a virus in the
network.

Our network is W2K based and uses DHCP running on a
W2K server.  We do have some Unix and Linux boxes.

What I'm looking for is a way to secure DHCP so that
only our laptops/workstations can get a DHCP address. 
I was thinking of something like EAP used for remote
access with certificates to keep computers without a
certificate from receiving an IP address, but I can
find any information on implementing this.


Any ideas, resources or comments are welcome.

Thanks,

Cesar


                
__________________________________ 
Yahoo! Music Unlimited 
Access over 1 million songs. Try it free.
http://music.yahoo.com/unlimited/

Attachment: smime.p7s
Description: