Petri.com forums Home Forums Start Page Forums Frequently Asked Questions FAQ Member List Members List
Go Back   Petri IT Knowledgebase Forums > Server Operating Systems > Windows Server 2000 / 2003 / 2003 R2
Petri.com is happy to award RicklesP the title of Most Valuable Member !!!
Register Calendar Calendar Search Petri IT Knowledgebase Forums Search Todays Posts Today's Posts Mark Forums Read
Notices

how prevent unauthorized (in my company)computer or laptop to access network via Lan

how prevent unauthorized (in my company)computer or laptop to access network via Lan

this thread has 8 replies and has been viewed 6412 times

Closed Thread
 
Thread Tools Search this Thread Display Modes
  #1  
Old 9th April 2009, 09:15
maaaajed maaaajed is offline
Casual
Casual
 
 Join Date: Apr 2009
  6 month star 12 month star
 Posts: 7
 Reputation: maaaajed is on a distinguished road (10)
Default how prevent unauthorized (in my company)computer or laptop to access network via Lan

I have network in my company (200 computers) that I am new employee and my firest task is to prevent unauthorizedor laptop( belong to employee or visitor) to access network via LAN

DHCP Server 2003

get MAC address from all computers IP Address in network and put them in switch (my switch CISCO 2950) to prevent any other computers that is not in list of Mac address in switch (outside network) to access the network

please help me by way or if there is other way that solve problem
  #2  
Old 9th April 2009, 11:24
tehcamel's Avatar
tehcamel tehcamel is offline
Moderator
 
 Join Date: Mar 2009
  6 month star 12 month star
 Location: Melbourne
 Posts: 5,700
  Send a message via Skype™ to tehcamel
 Reputation: tehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to behold (727)
Default Re: how prevent unauthorized (in my company)computer or laptop to access network via

that sounds like one solution. However - it requires a bit of management over head and adding/removing MAC addresses as need be... and if someone really wants to get onto the network, they will just change their mac addrss

you shold also as a matter of habit use the shutdown command on any port that is not expected to be used.

you could deploy 802.1x (I think it's called) which is network layer authentication - if the device doesn't have a certificate installed, they can't even talk to the dhcp server...


my organisation is small enough that i can walk around and see if something's connected that's not meant to be..


what is your end goal - when you say preventing unauthorisde connection of devices, can you be more specific ? do you want to stop someone from using the internet, or from accessing the network layer at all ?

Last edited by tehcamel; 9th April 2009 at 11:26..
  #3  
Old 9th April 2009, 13:33
maaaajed maaaajed is offline
Casual
Casual
 
 Join Date: Apr 2009
  6 month star 12 month star
 Posts: 7
 Reputation: maaaajed is on a distinguished road (10)
Default Re: how prevent unauthorized (in my company)computer or laptop to access network via

yes I want to stop someone accessing the network layer at all



how protect my network and what the way or idea (softwear) to do the task


Thanks alot

Last edited by maaaajed; 9th April 2009 at 13:53.. Reason: DHCP
  #4  
Old 9th April 2009, 16:17
tehcamel's Avatar
tehcamel tehcamel is offline
Moderator
 
 Join Date: Mar 2009
  6 month star 12 month star
 Location: Melbourne
 Posts: 5,700
  Send a message via Skype™ to tehcamel
 Reputation: tehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to behold (727)
Default Re: how prevent unauthorized (in my company)computer or laptop to access network via

as i mentioned then:

802.1x
Quote:
Originally Posted by [URL="http://en.wikipedia.org/wiki/802.1x"
http://en.wikipedia.org/wiki/802.1x[/URL]]
IEEE 802.1X is an IEEE Standard for port-based Network Access Control ("port" meaning a single point of attachment to the LAN infrastructure). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails. It is used for most wireless 802.11 access points and is based on the Extensible Authentication Protocol (EAP).

Last edited by tehcamel; 10th April 2009 at 04:08..
  #5  
Old 9th April 2009, 16:20
Dumber's Avatar
Dumber Dumber is offline
Moderator
 
 Join Date: Dec 2003
  6 month star 12 month star
 Location: The Netherlands
 Posts: 8,179
 Reputation: Dumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to behold (849)
Default Re: how prevent unauthorized (in my company)computer or laptop to access network via

TehCamel,
Please post the source of the text.
__________________
Marcel
Technical Consultant
Netherlands
http://www.phetios.com
http://blog.nessus.nl

MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
"No matter how secure, there is always the human factor."

"Enjoy life today, tomorrow may never come."
"If you're going through hell, keep going. ~Winston Churchill"

  #6  
Old 9th April 2009, 17:10
vonPryz vonPryz is offline
Member
Here to help
 
 Join Date: Oct 2008
  6 month star 12 month star
 Location: Finland
 Posts: 354
 Reputation: vonPryz will become famous soon enough (80)
Default Re: how prevent unauthorized (in my company)computer or laptop to access network via

Seems to be a copy-paste from a Wikipedia article. Nothing wrong with that, but an attribution would be nice.

-vP
  #7  
Old 9th April 2009, 22:02
Dumber's Avatar
Dumber Dumber is offline
Moderator
 
 Join Date: Dec 2003
  6 month star 12 month star
 Location: The Netherlands
 Posts: 8,179
 Reputation: Dumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to behold (849)
Default Re: how prevent unauthorized (in my company)computer or laptop to access network via

I know it's fine but simply give credit to the original writer.
__________________
Marcel
Technical Consultant
Netherlands
http://www.phetios.com
http://blog.nessus.nl

MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
"No matter how secure, there is always the human factor."

"Enjoy life today, tomorrow may never come."
"If you're going through hell, keep going. ~Winston Churchill"

  #8  
Old 10th April 2009, 01:43
Nonapeptide's Avatar
MVM Nonapeptide Nonapeptide is offline
Senior Member
MVM
 
 Join Date: Feb 2008
  6 month star 12 month star
 Location: Scottsdale, Arizona
 Posts: 1,769
  Send a message via MSN to Nonapeptide Send a message via Yahoo to Nonapeptide Send a message via Skype™ to Nonapeptide
 Reputation: Nonapeptide has a spectacular aura aboutNonapeptide has a spectacular aura aboutNonapeptide has a spectacular aura about (246)
Default Re: how prevent unauthorized (in my company)computer or laptop to access network via

As TehCamel stated, 802.1x would be good for you. Microsoft's network protection implementation is called Network Access Protection (NAP). You may want to consider implementing it, although it's not a minor task. It would involve considerable changes to the environment, however the results could be quite impressive.
__________________
Wesley David
LinkedIn | Careers 2.0
-------------------------------
Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
Vendor Neutral Certifications: CWNA
Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: Nonapeptide@gmail.com || Skype: Wesley.Nonapeptide
Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/
  #9  
Old 10th April 2009, 04:08
tehcamel's Avatar
tehcamel tehcamel is offline
Moderator
 
 Join Date: Mar 2009
  6 month star 12 month star
 Location: Melbourne
 Posts: 5,700
  Send a message via Skype™ to tehcamel
 Reputation: tehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to behold (727)
Default Re: how prevent unauthorized (in my company)computer or laptop to access network via

sorry.. there you go

I did also consider suggesting NAC or NAP but know te overhead i ndoin so to be huge. It may also be for 802.1x i', not sure, havnt looked into it enough
Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Prevent access to LAN via switch security (WAS:how to prevent personal PCs or laptop) alivip Cisco Security PIX/ASA/VPN 7 28th May 2009 14:01
how prevent personal( in company) PCs or laptop to access network via Lan alivip Cisco Routers & Switches How-to 1 6th April 2009 15:51
Preventing unauthorized Hubs/Switches from accessing LAN tsignal32 Cisco Routers & Switches How-to 4 15th March 2008 05:40
Prevent Any External PC, Laptop from Using Internet & network recourses amr Active Directory 4 17th December 2006 16:58
Block unauthorized user from using network hirari General Security 4 26th July 2006 16:47


All times are GMT +3. The time now is 18:22.

Steel Blue 3.5.4 vBulletin Style ©2006 vBEnhanced
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
 

Valid XHTML 1.0!   Valid CSS!

Copyright 2005 Daniel Petri