Re: Unauthorized workstation connections to network...

From: Stuart Mackie [MCSE MCSA] (newsgroups_at_--REMOVE_THIS-NO_SPAM--stu.uk.com)
Date: 02/04/05 

Date: Fri, 4 Feb 2005 22:49:53 -0000

Hi Gary. You could implementing IPSec so that only authenticated
workstations & servers could communicate. Since your in a domain
environment IPSec with Kerberos would be the best combination, although you
could use Certificates as well if required. Some IPSec deployment guides
can be found on http://www.microsoft.com/ipsec. IPSec is quite straight
forward to implement, the link below is a step by step guide for
implementing IPSec on Windows 2000

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp

You should also make sure an acceptable use policy is made available to
pupils, employees etc and they are aware of the consequences if they are
broken. 

-- 
Hth,
Stuart Mackie
www.stu.uk.com
MCSE: Sec  MCSA: Sec
"Mark Gamache" <mark.gamache@css-security.com> wrote in message 
news:%234uMIvvCFHA.868@TK2MSFTNGP10.phx.gbl...
> only a technology like 802.1X can keep unauthorized connections off of the 
> network.  It requires a switch that is compliant and an IAS server.
>
>
> Cheers,
>
> -- 
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "GaryH" <hornbeck@siskiyous.edu> wrote in message 
> news:uRfOrSvCFHA.2600@TK2MSFTNGP09.phx.gbl...
>> Hello all,
>> From time to time we see workstation connections to the network that are 
>> not
>> joined to the domain.  Does anyone know how these machines can be bumped 
>> off
>> the network?
>> Thanks,
>> Gary
>>
>>
>
>

Relevant Pages

  • Re: Win2003 Servers hidden from Network Browse list when using IPSec
    ... You did not state what filter rules are in use in the IPsec defs, ... You are allowing a Domain Master Browser to exist. ... IPSec where they are supposed to, and all show up in the Network ... My Windows 2003 Servers (member servers, ...
    (microsoft.public.windows.server.security)
  • Re: Securing Communication Between Domain Members and their Domain Controllers
    ... look into using an ipsec tunnel into a gateway computer or ipsec endpoint device or ... > located stand alone servers. ... > integrte them into a single secure Active Directory Domain. ... > member servers to communicate this way, looking through the MS tech. support ...
    (microsoft.public.win2000.security)
  • Re: OU GPO Corrupts 2003 Servers only??
    ... have impact on the Servers OU. ... then you are looking at the effect of the default behaviors of IPsec ... In W2k3 the IPsec Policy Agent will block inbound during the boot ... inbound and outbound TCP/IP network traffic that is not permitted by ...
    (microsoft.public.windows.group_policy)
  • Win2003 Servers hidden from Network Browse list when using IPSec
    ... computers in that OU to use IPSec. ... in the Domain Controllers OU, and are exempted completely from IPSec, ... IPSec where they are supposed to, and all show up in the Network ... My Windows 2003 Servers (member servers, ...
    (microsoft.public.windows.server.security)
  • OU GPO Corrupts 2003 Servers only??
    ... I setup a GPO on the Servers OU and began moving servers into it a ... connectivity to it, so I brought up the remote console through the iLo ... First error msg in the System eventlog was for IPSec. ... inbound and outbound TCP/IP network traffic that is not permitted by ...
    (microsoft.public.windows.group_policy)
Quantcast