Re: How to securing endpoints?





We do the MAC locking option and set static reservations in DHCP. It was a
LOT of work to set up, but maintaining it isn't too bad if you script the
changes.




From: "Mario Platt" <mplatt@xxxxxxxxx>
Sent by: listbounce@securityfocus.com
To: "Jaime Ruiz" <jruiz@xxxxxxxxxxxx>
cc: WALI <hkhasgiwale@xxxxxxxxx>
Date: 01/23/2007 06:51 PM
Subject: Re: How to securing endpoints?








The Cisco solution can also be clientless. And it's also independent
of the operating system, as in Windows, Mac OS, and Linux. I suppose
things can be arranged for the rest of the OSs...

On 1/23/07, Jaime Ruiz <jruiz@xxxxxxxxxxxx> wrote:
You should take a look at the NAC technology from Mirage Networks. This is
a clientless approach to NAC, as opposed to Cisco, and independent of the
operating system.

http://www.miragenetworks.com

Regards,

Jaime Ruiz V.
============================================================
Jaime Ruiz Villegas
Special Projects Manager, NeoSecure S.A. - Web: www.neosecure.net
Email: jruiz@xxxxxxxxxxxx - Phone:+56.2 2905919 - Mobile:+56.9 7995848
CHILE - Phone:+56-2.2905900, Fax:+56.2 2905959
Providencia 1760 Of. 1601, Santiago. CP7500498
ARGENTINA - Phone:+54-11.48501310, Fax:+54.11.48501201
Bouchard 557/599 Piso 20 C 1106 ABG, Buenos Aires
============================================================


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
behalf of WALI
Sent: Saturday, January 20, 2007 3:59
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: How to securing endpoints?


Seeking pointers on how to secure endpoints within the LAN.

With an AD domain running, without any Radius authentication mechanism, I
am wondering whether it would be worth investing yet, in the nascent
Microsoft/CISCO NAC technology.

My main concern is, to find ways to prohibit anyone/everyone to be able
to just plug in their PC/laptop into the UTP wall socket and get a lease
from my DHCP servers. We are looking at a network of about 1000 PCs here.

MAC learning and locking at the switch layer is an option but I foresee a
huge administrative overhead in my scenario where helpdesk rolls out
several new PCs daily.

Any other options??
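
The top reply in this thread describes MAC locking plus static DHCP reservations kept manageable by scripting the changes. The sketch below is an added example, not code from any poster: it turns a helpdesk inventory into both artifacts and rejects bad or duplicate entries. It assumes ISC dhcpd and Cisco IOS access-port syntax as targets (the thread names neither a DHCP server nor a switch model); the CSV layout, subnet, host names and addresses are constructed.

```python
import csv, io, ipaddress, re

MAC_RE = re.compile(r"^[0-9a-f]{12}$")

# Constructed sample inventory (host, MAC, IP, switch port); not real data.
SAMPLE = """host,mac,ip,port
pc-0001,00-11-22-AA-BB-01,10.20.0.11,Gi1/0/1
pc-0002,0011.22aa.bb02,10.20.0.12,Gi1/0/2
pc-0003,00:11:22:aa:bb:01,10.20.0.13,Gi1/0/3
pc-0004,00:11:22:aa:bb:04,10.99.0.14,Gi1/0/4
pc-0005,00:11:22:aa:bb,10.20.0.15,Gi1/0/5
"""

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if the value is not a MAC."""
    digits = re.sub(r"[-:.]", "", raw.strip().lower())
    return digits if MAC_RE.match(digits) else None

def build(inventory_csv, subnet="10.20.0.0/24"):
    """Return (dhcpd_conf, switch_conf, rejected) for one inventory file."""
    net = ipaddress.ip_network(subnet)
    seen_mac, seen_ip, dhcp, switch, rejected = set(), set(), [], [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        mac = normalize_mac(row["mac"])
        try:
            ip = ipaddress.ip_address(row["ip"].strip())
        except ValueError:
            ip = None
        if mac is None:
            reason = "bad MAC"
        elif ip is None or ip not in net:
            reason = "IP outside subnet"
        elif mac in seen_mac or ip in seen_ip:
            reason = "duplicate MAC or IP"  # same NIC or address listed twice
        else:
            reason = None
        if reason:
            rejected.append((row["host"], reason))
            continue
        seen_mac.add(mac); seen_ip.add(ip)
        colon = ":".join(mac[i:i+2] for i in range(0, 12, 2))   # dhcpd form
        dotted = ".".join(mac[i:i+4] for i in range(0, 12, 4))  # IOS form
        dhcp.append(f"host {row['host']} {{ hardware ethernet {colon}; fixed-address {ip}; }}")
        switch += [f"interface {row['port']}", " switchport port-security",
                   f" switchport port-security mac-address {dotted}"]
    return "\n".join(dhcp), "\n".join(switch), rejected
```

In ISC dhcpd the generated host entries only keep strangers off the network when the address pool also carries `deny unknown-clients;`, since a host without a declaration is otherwise still offered a dynamic lease.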




