RE: About MS-Networking security.
From: Dan Bartley (bartleyd_at_corp.netcarrier.com)
Date: 01/19/04
- Previous message: Cowperthwaite, Eric: "RE: About MS-Networking security."
- Maybe in reply to: Cyber Chiu`: "About MS-Networking security."
- Next in thread: Kim, Cameron: "RE: About MS-Networking security."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 19 Jan 2004 13:23:51 -0500 To: "Kristi Roose" <kroose@vermeermfg.com>, <focus-ms@securityfocus.com>
You can configure DHCP to use reservations and exclude all IPs not
assigned a reservation. This will keep a dynamic IP from being assigned,
however it does not prevent someone from manually configuring their
computer with an unused IP and getting on the network.
A firewall and/or middle man like Internet Security and Acceleration
Server can be used to restrict access based on IP. In the case of ISA
you can restrict by domain logon too.
Best Regards,
Dan Bartley
-----Original Message-----
From: Kristi Roose [mailto:kroose@vermeermfg.com]
Sent: Monday, January 19, 2004 11:04
To: focus-ms@securityfocus.com
Subject: RE: About MS-Networking security.
Does anyone have any solutions to keep a user from plugging into the LAN
from inside the company? Is there a way to restrict DHCP addresses by
MAC address?
Kristi
-----Original Message-----
From: Depp, Dennis M. [mailto:deppdm@ornl.gov]
Sent: Friday, January 16, 2004 7:20 PM
To: Wronski, Michael C (MED); Cyber Chiu`; focus-ms@securityfocus.com
Subject: RE: About MS-Networking security.
Microsoft has a solution where remote users are scanned and verified
clean before they are allowed to create a remote session, either using
VPN or dialup. Their solution is based on Windows Server 2003. I think
Cisco may have a similar solution, at least they should. There may be
others as well.
Denny
-----Original Message-----
From: Wronski, Michael C (MED) [mailto:Michael.Wronski@med.ge.com]
Sent: Thursday, January 15, 2004 5:22 PM
To: 'Cyber Chiu`'; focus-ms@securityfocus.com
Subject: RE: About MS-Networking security.
This is a common problem with no single solution. No matter what you do,
the mobile user is going to be a high risk entity. Education of the
user of their ability to cause harm to their own data and the company
network is a great start. They need to be aware that their actions can
cause catastrophic results. After education, the following are the most
important:
-Install Personal Firewall and AV on all laptops and make sure you
educate the users on the function of the software.
-Lock down the configuration so it cant be disabled by the user
-Enable aggressive live updates (daily) and scans (daily)
-Patching Automation - Before your user leaves the network, their
laptops should be patched with the more recent OS updates.
-Its best of your laptop users can connect to a "sandbox" network on
return to the office or if you can separate all physical connection that
belong to mobile users on a sandbox VLAN. This can be difficult to
manage depending on your current network design.
-M
-----Original Message-----
From: Cyber Chiu` [mailto:cchiu@hotspur.com.hk]
Sent: Sunday, January 11, 2004 3:26 PM
To: focus-ms@securityfocus.com
Subject: About MS-Networking security.
Hi all, I have a question about portable computer security concern. My
company have firewall protection, all desktop are behind firewall.
However, My saleman need to do their business with a Laptop. When
they're in office. They will connect their laptop to our internet.
I think it's danger because we don't know it's infected by virus or not.
can anyone suggest me what to do?
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Cowperthwaite, Eric: "RE: About MS-Networking security."
- Maybe in reply to: Cyber Chiu`: "About MS-Networking security."
- Next in thread: Kim, Cameron: "RE: About MS-Networking security."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
