RE: prohibiting visitors from connecting to network

amitk_at_ingvysyabank.com
Date: 10/18/05

    To: cesadiz@yahoo.com, security-basics@securityfocus.com
    Date: Wed, 19 Oct 2005 00:53:56 +0530
    
    
    

    Hi Cesar,

        Port Security is the solution where you don't need any 802.1x
    authentication or certificates. Port security helps you to prevent
    VLAN hopping, MAC spoofing, etc. For further security, give a static IP
    address and allow that VLAN to go through the proxy server to the Internet, so that you
    can get logs for that time period. Check AV definitions, scan the machine
    for spyware before giving Internet access, etc.
        

    Regards,
    Amit Kothari

    IT Security Monitoring Team
    (iGATE Infrastructure Management Services | http://www.igate.com)

     

     

    -----Original Message-----
    From: Cesar Diaz [mailto:cesadiz@yahoo.com]
    Sent: Monday, October 17, 2005 3:53 AM
    To: security-basics@securityfocus.com
    Subject: prohibiting visitors from connecting to network

    List:

    My company is looking for a way to prohibit visitors
    to our offices from connecting a laptop to a network
    port and gaining access to our network. We have
    policies in place prohibiting employees from allowing
    this, and have network jacks in our conference
    rooms that are on a separate VLAN that allows only
    access to the Internet. We still have problems with
    visitors connecting to the network. In one case an
    infected laptop started spreading a virus in the
    network.

    Our network is W2K based and uses DHCP running on a
    W2K server. We do have some Unix and Linux boxes.

    What I'm looking for is a way to secure DHCP so that
    only our laptops/workstations can get a DHCP address.
    I was thinking of something like EAP used for remote
    access with certificates to keep computers without a
    certificate from receiving an IP address, but I can't
    find any information on implementing this.

    Any ideas, resources or comments are welcome.

    Thanks,

    Cesar

                    

    
    


