Re: iptables block mac



MDK wrote:
well how would you block out ppl then? most if not all the users here are NOT IT geeks and will never be it, they can hardly set their email servers correctly.

Old Guy covered it fairly well. Good network and change management to ensure unused network ports are not used. You can do this with MAC filtering on a switch but that does not make it good policy to control access on a router. A good logging encrypted proxy. Obviously, you have to tell your users you are logging. Any administrative servers should be completely inaccesible from the rest of the network.
Clear acceptable use policy. Users MUST be made aware of what they can and can't do on your network. You must make users responsible for their actions, if not, the network OWNER may be held accountable - it would depend on the laws in your country.

Don't think for one second that because not many of your users are technically proficient that you will have no problems. You only need one technically proficient user to tell the rest of them or one inquisitive user to do the research. It sounds as though your userbase may be well versed in research.

Bogwitch.
.



Relevant Pages

  • Re: No Shut Down or Restart for Domain Admins
    ... run rsop.msc from your DC and check which policy is responsible to this. ... I have created a group policy in a development network and imported it ... NT AUTHORITY\Authenticated Users Read (from Security Filtering) No ... Enforce user logon restrictions Enabled ...
    (microsoft.public.windows.server.active_directory)
  • Re: EventID 1054 from Userenv for startup script
    ... So if you said "some machines don't have full access to the network ... at startup" the GPO's seems not to apply correct. ... startup script policy. ...
    (microsoft.public.windows.group_policy)
  • Re: COBOL is Number One
    ... used for policy discussions across companies and continents. ... The Network empowers this. ... about the users using spreadsheets but was more worried about the fact ... My point was that there is increasing computer literacy in the work ...
    (comp.lang.cobol)
  • Re: Hang @ Applying Computer Settings/Applying Your Personal Setti
    ... It would appear the you have ruled out network connectivity problems ... >> Policy that has had changes but that should not happen every time unless ... >> computers having a gigabit network adapter. ... Policies are being created and maintained only on ...
    (microsoft.public.windows.group_policy)
  • Re: EventID 1054 from Userenv for startup script
    ... in the right window "Group policy Inheritance tab", ... Those two contain the requirement to "Wait for network before ... where the startup script did run but the deployment GPO would not. ...
    (microsoft.public.windows.group_policy)