Re: prohibiting visitors from connecting to network

[xyberpix <xyberpix () xyberpix com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bundle that with EAP-TLS or EAP-TTLS and you're all set.

xyberpix

On 18 Oct 2005, at 00:09, Kelly Lucas wrote:

> 802.1x security should prevent this, as it requires the  
> registration of every MAC address before network access is allowed.
>
> Cesar Diaz wrote:
>
>
> > List:
> >
> > My company is looking for a way to prohibit visitors
> > to our offices from connecting a laptop to a network
> > port and gaining access to our network.  We have
> > policies in place prohibiting employees from allowing
> > this, and have network jacks in our conference
> > roomsthat are on a seperate VLAN that allows only
> > access to the Interent.  We still have problems with
> > visitors connecting to the network.  In one case an
> > infected laptop started spreading a virus in the
> > network.
> >
> > Our network is W2K based and uses DHCP running on a
> > W2K server.  We do have some Unix and Linux boxes.
> >
> > What I'm looking for is a way to secure DHCP so that
> > only our laptops/workstations can get a DHCP address. I was  
> > thinking of something like EAP used for remote
> > access with certificates to keep computers without a
> > certificate from receiving an IP address, but I can
> > find any information on implementing this.
> >
> >
> > Any ideas, resources or comments are welcome.
> >
> > Thanks,
> >
> > Cesar
> >
> >
> >
> > __________________________________ Yahoo! Music Unlimited Access  
> > over 1 million songs. Try it free.
> > http://music.yahoo.com/unlimited/
>
>
> --
> Kelly D. Lucas
> lucaskeli () fastmail fm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDVXWYcRMkOnlkwMERAizgAJ9ON7aL+K4RQI5lw03/PAFBbbvQiACfUXNT
CrbGpR+kfG3VUmX9K3Hr4vg=
=oG0j
-----END PGP SIGNATURE-----