Security Basics mailing list archives

RE: Deny client from obtaining IP address

From: "Dubber, Drew B" <drew.dubber () eds com>
Date: Fri, 28 Jul 2006 15:10:39 +0100

Hi
 
The classic way in the past was to use reservations. But its far too
easy to spoof MAC addresses and you need to keep a spare range for your
roaming laptop users (unless you want an admin nightmare), which kind of
defeats its purpose! So in summary its a crock :) I'd look to 802.1x
authentication for this kind of requirement. Alternatively Cisco/MS do
some quarantine type products (haven't looked at them though). You could
also setup a ipsec group policy on your pc's/servers which prevents
rogue computers connecting even though they can get an IP address.
MetaIP also appears to have the kind of functionality you are after
(http://www.metainfo.com)
 
Hope that helps
 
Drew

________________________________

From: rolando_ruiz () jetaviation com [mailto:rolando_ruiz () jetaviation com]
Sent: Thu 27/07/2006 17:24
To: security-basics () securityfocus com
Subject: Deny client from obtaining IP address



Hello all,

Is there a way that in DHCP or so, one can deny a client computer from
obtaining an IP address? We use Microsoft servers ADS environment and
I'd like to allow only those we want to obtain
an IP address. I don't want to make it too restricted where authorized
users are unable to connect. I'm sure there are some 3rd party apps that
can handle this and I welcome suggestions on those also. This is a
solution for denying connectivity to outsiders.

Thank you



------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Deny client from obtaining IP address rolando_ruiz (Jul 27)
- RE: Deny client from obtaining IP address Demi (Jul 28)
- Re: Deny client from obtaining IP address Maurice Smit (Jul 28)
- Re: Deny client from obtaining IP address Nathan Sportsman (Jul 28)
- RE: Deny client from obtaining IP address Thomas D. (Jul 28)
- Re: Deny client from obtaining IP address Andrew Wheeler (Jul 28)
- Re: Deny client from obtaining IP address Ansgar -59cobalt- Wiechers (Jul 28)
- Re: Deny client from obtaining IP address List Spam (Jul 28)
- RE: Deny client from obtaining IP address Dubber, Drew B (Jul 31)
- Re: Deny client from obtaining IP address Nathan Sportsman (Jul 31)
  - Re: Deny client from obtaining IP address Balaji Prasad (Jul 31)
- <Possible follow-ups>
- RE: Deny client from obtaining IP address Crawley, Jim (Jul 28)
- Re: Deny client from obtaining IP address chris (Jul 28)
- Re: RE: Deny client from obtaining IP address snuffy (Jul 31)