Security Basics mailing list archives
Re: Blocking Access to Non-domain computers
From: Rob Hughes <rob () robhughes com>
Date: Tue, 24 Aug 2004 05:30:17 -0500
On Thursday 19 August 2004 09:58, Brian Gehrke wrote:
I am running a W2K domain, using DHCP. Is it possible to block non-domain computers from getting an IP address from the DHCP server, so they will not be able to access the Internet through the network. Brian
I can see two ways to do this. One, assign all the systems a static lease, then create an exclusion so that there are no free addresses available. Two, implement port security at the switches so that only authorized MAC addresses can connect to the network. But so far as I'm aware, there's no way to limit DHCP assignments to domain members, as the server has no way to know if you're a domain member or not until the system has gotten an IP and can send its credentials. If someone else has a better idea, I'd love to hear it. -- Recursion: n. See Recursion --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- Blocking Access to Non-domain computers Brian Gehrke (Aug 23)
- Re: Blocking Access to Non-domain computers Ansgar -59cobalt- Wiechers (Aug 24)
- Re: Blocking Access to Non-domain computers Andreas (Aug 24)
- Re: Blocking Access to Non-domain computers Peter Wohlers (Aug 25)
- Re: Blocking Access to Non-domain computers Rob Hughes (Aug 24)
- Re: Blocking Access to Non-domain computers Oleksandr Darchuk (Aug 25)
- Re: Blocking Access to Non-domain computers Alexandre Verriere (Aug 31)
- <Possible follow-ups>
- RE: Blocking Access to Non-domain computers Steven A. Fletcher (Aug 25)
- RE: Blocking Access to Non-domain computers Raoul Armfield (Aug 25)
- Re: Blocking Access to Non-domain computers Richard Boswell (Aug 26)
- Re: Blocking Access to Non-domain computers Don Voss (Aug 30)
- RE: Blocking Access to Non-domain computers Dan and Liz Boyson (Aug 30)
- Re: Blocking Access to Non-domain computers Balaji Prasad (Aug 31)
- RE: Blocking Access to Non-domain computers Raoul Armfield (Aug 25)
- RE: Blocking Access to Non-domain computers Steven A. Fletcher (Aug 25)
- RE: Blocking Access to Non-domain computers Barrie Dempster (Aug 30)
(Thread continues...)