RE: About MS-Networking security.

From: Lawrence Brownlee (lbrownlee_at_mbnlaw.com)
Date: 01/20/04

Next message: Harbar, Spencer: "RE: Encrypt data - SQL Server 2000"

Previous message: Leon, Mauricio (Toronto): "Local Account Vs Domain Account"
Maybe in reply to: Cyber Chiu`: "About MS-Networking security."
Next in thread: Shane Colley: "Microsoft Security (...how to reassure customers of)"
Reply: Shane Colley: "Microsoft Security (...how to reassure customers of)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 20 Jan 2004 08:37:10 -0500
To: "Dan Bartley" <bartleyd@corp.netcarrier.com>, "Kristi Roose" <kroose@vermeermfg.com>, <focus-ms@securityfocus.com>

What about setting up an "IP hog?" I've seen a setup with a Linux box that
has multiple subnets bound to it's NICs. Basically, you set a whole subnet
(or more) to a card, and then when you want another NIC to have a DHCP lease,
you reduce the range of the DHCP hog by one, and then the new NIC can receive
a lease.

This may be off topic (since it is non-MS) but a spare PII would do the trick
I believe.

//Lawrence Brownlee
//Minor, Bell, and, Neal P.C.

##-----Original Message-----
##From: Dan Bartley [mailto:bartleyd@corp.netcarrier.com]
##Sent: Monday, January 19, 2004 1:24 PM
##To: Kristi Roose; focus-ms@securityfocus.com
##Subject: RE: About MS-Networking security.
##
##
##You can configure DHCP to use reservations and exclude all
##IPs not assigned a reservation. This will keep a dynamic IP
##from being assigned, however it does not prevent someone from
##manually configuring their computer with an unused IP and
##getting on the network.
##
##A firewall and/or middle man like Internet Security and
##Acceleration Server can be used to restrict access based on
##IP. In the case of ISA you can restrict by domain logon too.
##
##Best Regards,
##
##Dan Bartley
##
##-----Original Message-----
##From: Kristi Roose [mailto:kroose@vermeermfg.com]
##Sent: Monday, January 19, 2004 11:04
##To: focus-ms@securityfocus.com
##Subject: RE: About MS-Networking security.
##
##Does anyone have any solutions to keep a user from plugging
##into the LAN from inside the company? Is there a way to
##restrict DHCP addresses by MAC address?
##
##Kristi
##
##
##-----Original Message-----
##From: Depp, Dennis M. [mailto:deppdm@ornl.gov]
##Sent: Friday, January 16, 2004 7:20 PM
##To: Wronski, Michael C (MED); Cyber Chiu`; focus-ms@securityfocus.com
##Subject: RE: About MS-Networking security.
##
##
##Microsoft has a solution where remote users are scanned and
##verified clean before they are allowed to create a remote
##session, either using VPN or dialup. Their solution is based
##on Windows Server 2003. I think Cisco may have a similar
##solution, at least they should. There may be others as well.
##
##Denny
##
##-----Original Message-----
##From: Wronski, Michael C (MED) [mailto:Michael.Wronski@med.ge.com]
##Sent: Thursday, January 15, 2004 5:22 PM
##To: 'Cyber Chiu`'; focus-ms@securityfocus.com
##Subject: RE: About MS-Networking security.
##
##This is a common problem with no single solution. No matter
##what you do, the mobile user is going to be a high risk
##entity. Education of the user of their ability to cause harm
##to their own data and the company network is a great start.
##They need to be aware that their actions can cause
##catastrophic results. After education, the following are the most
##important:
##
##-Install Personal Firewall and AV on all laptops and make
##sure you educate the users on the function of the software.
## -Lock down the configuration so it cant be disabled by the user
## -Enable aggressive live updates (daily) and scans (daily)
##
##-Patching Automation - Before your user leaves the network,
##their laptops should be patched with the more recent OS updates.
##
##-Its best of your laptop users can connect to a "sandbox"
##network on return to the office or if you can separate all
##physical connection that belong to mobile users on a sandbox
##VLAN. This can be difficult to manage depending on your
##current network design.
##
##-M
##
##
##-----Original Message-----
##From: Cyber Chiu` [mailto:cchiu@hotspur.com.hk]
##Sent: Sunday, January 11, 2004 3:26 PM
##To: focus-ms@securityfocus.com
##Subject: About MS-Networking security.
##
##
##
##
##Hi all, I have a question about portable computer security
##concern. My company have firewall protection, all desktop are
##behind firewall. However, My saleman need to do their
##business with a Laptop. When they're in office. They will
##connect their laptop to our internet.
##
##I think it's danger because we don't know it's infected by
##virus or not. can anyone suggest me what to do?
##
##--------------------------------------------------------------
##----------
##---
##--------------------------------------------------------------
##----------
##---
##
##--------------------------------------------------------------
##----------
##---
##--------------------------------------------------------------
##----------
##---
##
##
##
##--------------------------------------------------------------
##----------
##---
##--------------------------------------------------------------
##----------
##---
##
##
##
##
##--------------------------------------------------------------
##----------
##---
##--------------------------------------------------------------
##----------
##---
##
##
##
##
##--------------------------------------------------------------
##-------------
##--------------------------------------------------------------
##-------------
##
##

Confidentiality Note:

This e-mail is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, is prohibited. If you have received this e-mail in error, please call the Administrator of Minor, Bell & Neal, P.C. at 706-259-2586 and destroy the original message and all copies.

Next message: Harbar, Spencer: "RE: Encrypt data - SQL Server 2000"

Previous message: Leon, Mauricio (Toronto): "Local Account Vs Domain Account"
Maybe in reply to: Cyber Chiu`: "About MS-Networking security."
Next in thread: Shane Colley: "Microsoft Security (...how to reassure customers of)"
Reply: Shane Colley: "Microsoft Security (...how to reassure customers of)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: About MS-Networking security.
... computer with an unused IP and getting on the network. ... A firewall and/or middle man like Internet Security and Acceleration ... Subject: About MS-Networking security. ... My saleman need to do their business with a Laptop. ...
(Focus-Microsoft)
RE: About MS-Networking security.
... It is called the network quarantine and you need the W2K2 resource kit for ... Subject: About MS-Networking security. ... My company have firewall protection, ... My saleman need to do their business with a Laptop. ...
(Focus-Microsoft)
RE: About MS-Networking security.
... users can access your network. ... Subject: About MS-Networking security. ... My saleman need to do their business with a Laptop. ...
(Focus-Microsoft)
Re: Configuration Question
... Get rid of the 3 other nics in the Server. ... Use a compatible address on the laptop, or run a properly configured DHCP ... on the Server and set the laptop's network settings to Automatic. ...
(microsoft.public.win2000.networking)
Re: networking two computer
... Since you mentioned two NICs I assume that the person is using Broadband ... Plug one NIC to the Internet Modem, and make sure that the computer is ... Connect the Laptop with Crossover CAT5e to the second NIC on the ... Internet capable computer.Configure a Network between the two computers. ...
(microsoft.public.windowsxp.network_web)