Security Basics mailing list archives

Re: prohibiting visitors from connecting to network


From: phunked up! <phunkodelic () gmail com>
Date: Tue, 18 Oct 2005 08:53:52 -0400

Try using port security on your switches.  You can make it so that
each port will ONLY accept traffic from ONE MAC address.  If the
traffic does not match the MAC address for the port, the switch drops
it.

On 10/16/05, Cesar Diaz <cesadiz () yahoo com> wrote:
List:

My company is looking for a way to prohibit visitors
to our offices from connecting a laptop to a network
port and gaining access to our network.  We have
policies in place prohibiting employees from allowing
this, and have network jacks in our conference
rooms that are on a separate VLAN that allows only
access to the Internet.  We still have problems with
visitors connecting to the network.  In one case an
infected laptop started spreading a virus in the
network.

Our network is W2K based and uses DHCP running on a
W2K server.  We do have some Unix and Linux boxes.

What I'm looking for is a way to secure DHCP so that
only our laptops/workstations can get a DHCP address.
I was thinking of something like EAP used for remote
access with certificates to keep computers without a
certificate from receiving an IP address, but I can
find any information on implementing this.


Any ideas, resources or comments are welcome.

Thanks,

Cesar
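
One way the port security described in the reply can be configured, as an added example that is not part of the original thread. It assumes Cisco IOS switch syntax (the thread names no switch vendor); the interface name, VLAN number and description are constructed placeholders.

```cisco
! Constructed example: one access port limited to a single MAC address.
! Interface name and VLAN 10 are placeholders, not values from the thread.
interface FastEthernet0/5
 description Staff workstation jack (placeholder)
 ! Port security only applies to a static access port, not a dynamic one
 switchport mode access
 switchport access vlan 10
 ! Turn the feature on for this port
 switchport port-security
 ! Accept frames from ONE source MAC address only
 switchport port-security maximum 1
 ! Learn the first MAC seen on the port and store it in the running
 ! config, so each address does not have to be typed in by hand
 switchport port-security mac-address sticky
 ! On a mismatch: drop the frame, keep the port up, and count/log the
 ! violation. "protect" drops silently; "shutdown" (the default)
 ! err-disables the port until an administrator re-enables it.
 switchport port-security violation restrict
!
! Verification from privileged EXEC mode:
!   show port-security interface FastEthernet0/5
!   show port-security address
```

Sticky addresses live in the running configuration, so they must be saved to the startup configuration to survive a reload, and the learned address has to be cleared when the machine on that jack is replaced.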


