Announcement

Collapse
No announcement yet.

how prevent unauthorized (in my company)computer or laptop to access network via Lan

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • how prevent unauthorized (in my company)computer or laptop to access network via Lan

    I have network in my company (200 computers) that I am new employee and my firest task is to prevent unauthorizedor laptop( belong to employee or visitor) to access network via LAN

    DHCP Server 2003

    get MAC address from all computers IP Address in network and put them in switch (my switch CISCO 2950) to prevent any other computers that is not in list of Mac address in switch (outside network) to access the network

    please help me by way or if there is other way that solve problem

  • #2
    Re: how prevent unauthorized (in my company)computer or laptop to access network via

    that sounds like one solution. However - it requires a bit of management over head and adding/removing MAC addresses as need be... and if someone really wants to get onto the network, they will just change their mac addrss

    you shold also as a matter of habit use the shutdown command on any port that is not expected to be used.

    you could deploy 802.1x (I think it's called) which is network layer authentication - if the device doesn't have a certificate installed, they can't even talk to the dhcp server...


    my organisation is small enough that i can walk around and see if something's connected that's not meant to be..


    what is your end goal - when you say preventing unauthorisde connection of devices, can you be more specific ? do you want to stop someone from using the internet, or from accessing the network layer at all ?
    Last edited by tehcamel; 9th April 2009, 09:26.

    sigpic


    Please do show your appreciation to those who assist you by leaving Rep Point

    Comment


    • #3
      Re: how prevent unauthorized (in my company)computer or laptop to access network via

      yes I want to stop someone accessing the network layer at all



      how protect my network and what the way or idea (softwear) to do the task


      Thanks alot
      Last edited by maaaajed; 9th April 2009, 11:53. Reason: DHCP

      Comment


      • #4
        Re: how prevent unauthorized (in my company)computer or laptop to access network via

        as i mentioned then:

        802.1x
        Originally posted by [URL="http://en.wikipedia.org/wiki/802.1x"
        http://en.wikipedia.org/wiki/802.1x[/URL]]
        IEEE 802.1X is an IEEE Standard for port-based Network Access Control ("port" meaning a single point of attachment to the LAN infrastructure). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails. It is used for most wireless 802.11 access points and is based on the Extensible Authentication Protocol (EAP).
        Last edited by tehcamel; 10th April 2009, 02:08.

        sigpic


        Please do show your appreciation to those who assist you by leaving Rep Point

        Comment


        • #5
          Re: how prevent unauthorized (in my company)computer or laptop to access network via

          TehCamel,
          Please post the source of the text.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: how prevent unauthorized (in my company)computer or laptop to access network via

            Seems to be a copy-paste from a Wikipedia article. Nothing wrong with that, but an attribution would be nice.

            -vP

            Comment


            • #7
              Re: how prevent unauthorized (in my company)computer or laptop to access network via

              I know it's fine but simply give credit to the original writer.
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"

              Comment


              • #8
                Re: how prevent unauthorized (in my company)computer or laptop to access network via

                As TehCamel stated, 802.1x would be good for you. Microsoft's network protection implementation is called Network Access Protection (NAP). You may want to consider implementing it, although it's not a minor task. It would involve considerable changes to the environment, however the results could be quite impressive.
                Wesley David
                LinkedIn | Careers 2.0
                -------------------------------
                Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                Vendor Neutral Certifications: CWNA
                Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                Comment


                • #9
                  Re: how prevent unauthorized (in my company)computer or laptop to access network via

                  sorry.. there you go

                  I did also consider suggesting NAC or NAP but know te overhead i ndoin so to be huge. It may also be for 802.1x i', not sure, havnt looked into it enough

                  sigpic


                  Please do show your appreciation to those who assist you by leaving Rep Point

                  Comment

                  Working...
                  X