Re: How to deny DHCP server to lease IP addresses to workstations NOT in AD ?
From: Chris Henke (chenke_at_cerc.cr.usgs.gov)
Date: 09/05/03
- Next message: Toby Considine: "Embedded Systems Management"
- Previous message: Peter Afonin: "Cannot change "Impersonate a client after authentication" settings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 5 Sep 2003 12:45:22 -0500
There's a way to use the 802.1x port authentication with the RADIUS portion
of IAS and Certificat Services to authenticate computers requesting DHCP
addresses but I'm not sure of the details. Perhaps this article will help:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/5min/5min-303.asp
"Johnny Niska" <delete-this-jnis@delete-this.adm.ku.dk> wrote in message
news:O9UDd8XODHA.2096@TK2MSFTNGP12.phx.gbl...
> Hi,
> I run a medium size W2K network with AD. A few weeks ago we had a hacker
> attack from inside of the firewall. The problem was a user that had
brought
> a foreign non-domain member laptop into the network - and the laptop had
> been hacked from before it was connected to our network.
>
> Q: What is the best method to prevent foreign workstations to get a DHCP
> lease from my W2K server ?
>
> Any good ideas ?
>
> Regards
>
>
> Johnny Niska
>
> System administrator
> --------------------------------------------------
> Faculty of Health Sciences
> University of Copenhagen
> Denmark
>
>
>
- Next message: Toby Considine: "Embedded Systems Management"
- Previous message: Peter Afonin: "Cannot change "Impersonate a client after authentication" settings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
