prevent access to network

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • prevent access to network

    Hi,

    I have a network with +/- 200 clients (Win7-Vista-XPsp3)
    Servers are win 2008R2 SP2
    I have DHCP (with reservation) for all the clients (in 4 different scopes)
    How can I prevent another machine from accessing the network?
    Now they can give their personal PC (laptop, tablet or phone) the IP address of their work PC, and they can also do MAC cloning.
    So my server thinks that is the right PC (right combination of MAC & IP).
    Can anybody help with a solution to solve this problem?
    Thx in advance

  • #2
    Re: prevent access to network

    If you have Cisco switches (or any other enterprise-class device) then you could use port security and limit the MAC addresses on a per-port basis. You could do DHCP snooping, dynamic ARP inspection and IP source guard to guard against DHCP attacks, MAC spoofing, ARP spoofing and IP address spoofing. To take it a step further you can do 802.1X authentication on your layer 2 switchports. Most of these features are platform dependent so it really depends on what gear you have to work with.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
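
The switch features listed in post #2, shown as an added example of a Cisco IOS access-switch configuration (not part of the thread and not the poster's own configuration). VLAN 10 and the interface names are assumptions, and the exact syntax varies by platform, as the post notes.

```cisco
! Constructed example: VLAN 10 and the interface numbers are assumptions.
!
! DHCP snooping records MAC / IP / port / VLAN for every lease it sees.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Dynamic ARP inspection drops ARP packets that contradict those bindings.
! Hosts with static addresses have no lease, so give them static bindings
! or ARP ACLs before enabling this, otherwise they lose connectivity.
ip arp inspection vlan 10
!
interface GigabitEthernet0/24
 description Uplink toward the DHCP server (trusted)
 ip dhcp snooping trust
 ip arp inspection trust
!
interface GigabitEthernet0/1
 description Client access port (untrusted by default)
 switchport mode access
 switchport access vlan 10
 ! Port security: one MAC per port, learned once and kept in the config.
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 ! restrict = drop offending frames and count/log the violation,
 ! without shutting the port down.
 switchport port-security violation restrict
 ! IP source guard: only traffic matching the snooped IP (and MAC) passes.
 ip verify source port-security
 ! Cap DHCP packets per second on the client port.
 ip dhcp snooping limit rate 15
```

These controls tie a MAC and IP address to a switch port and a DHCP lease, so a device presenting a cloned MAC on the same port still matches the binding. That remaining gap is what the 802.1X step in the post addresses.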


    • #3
      Re: prevent access to network

      Is there no possibility to check on MAC, IP and another property like operating system or motherboard type or...?
      If so, how do I do it?


      • #4
        Re: prevent access to network

        Otherwise you can try to implement IPSec Domain Isolation; there are some introductions on TechNet and MSDN blogs ...
        Good Luck


        • #5
          Re: prevent access to network

          A NAC policy server can deny access to a host (Windows) based on service pack, particular updates, antivirus version/definition files etc. This would require appropriate hardware and software to implement though and it's not cheap if you don't have the gear already.
          CCNA, CCNA-Security, CCNP
          CCIE Security (In Progress)


          • #6
            Re: prevent access to network

            I will look into the NAC policy.
            I will post the result.
            This is a task for next week.
            Thank you all


            • #7
              Re: prevent access to network

              Or Microsoft NAP where you can basically do the same as NAC.
              http://technet.microsoft.com/en-us/n.../bb545879.aspx
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"


              • #8
                Re: prevent access to network

                It's not going to be a simple solution.
                NAC/NAP is your best solution.
                Please do show your appreciation to those who assist you by leaving Rep Point


                • #9
                  Re: prevent access to network

                  Thank you everyone.
                  I already thought that it is not easy.
                  I will just have to be careful that I don't exclude anyone.


                  • #10
                    Re: prevent access to network

                    Always test it first until you are comfortable to implement the chosen solution.
                    Either way, you have to do some work before you can start implementing it.
                    Marcel
