Re: Blocking Access to Non-domain computers

From: Don Voss (voss_at_albany.edu)
Date: 08/27/04

  • Next message: Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA: "U.S. National Security Awareness Day (NSAD)" 
    Date: Fri, 27 Aug 2004 06:05:03 -0400
To: "Raoul Armfield"@smtp.albany.edu

    Have you considered using a dhcp authorization method like netreg ?

    http://www.netreg.org/

    It, netreg, can do much more .. such as check on win patch levels
    before, notify & redirect before allowing a device on the wire .. but at
    its base level it can authenticate against a pop server for a valid
    account [user account list], harvest the mac address, allow static name
    generation, etc. I think it can be linked to ldap instead of pop ..
    check it out.

    /don

    Raoul Armfield wrote:
    > :-----Original Message-----
    > :From: Steven A. Fletcher [mailto:sfletcher@integrityts.com]
    > :Sent: Wednesday, August 25, 2004 12:54 AM
    > :To: Andreas; security-basics@securityfocus.com
    > :Subject: RE: Blocking Access to Non-domain computers
    > :
    > :That is the only option I can think of. If you think about it, how
    > :could you keep non-domain computers from getting an IP address? As far
    > :as I know, there is no provision in DHCP for such control. For the
    > :system to determine whether or not to give the machine an address, the
    > :machine would need to be able to communicate with the domain
    > :controllers, which would require an IP address for the communication to
    > :be able to happen.
    > :
    >
    > I am a newbie so go easy on me. But should it not be possible to setup
    > some type of proxy server that relies on domain authentication to allow
    > access to the internet?
    >
    > Raoul
    >
    >
    > ---------------------------------------------------------------------------
    > Computer Forensics Training at the InfoSec Institute. All of our class sizes
    > are guaranteed to be 12 students or less to facilitate one-on-one
    > interaction with one of our expert instructors. Gain the in-demand skills of
    > a certified computer examiner, learn to recover trace data left behind by
    > fraud, theft, and cybercrime perpetrators. Discover the source of computer
    > crime and abuse so that it never happens again.
    >
    > http://www.infosecinstitute.com/courses/computer_forensics_training.html
    > ----------------------------------------------------------------------------
    >
    > 

    -- 
______________________________________________________________
Donald W. Voss                              voss@albany.edu
Sr.Systems Analyst
AS218 Geography Department
The University at Albany
Albany, NY, USA 12222
It is not news, it is entertainment.
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
  • Next message: Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA: "U.S. National Security Awareness Day (NSAD)"