Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: LAN access

LAN access 14 years 10 months ago #1376

  • moose
  • moose's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 2
  • Thank you received: 0
My company has a win2000 environment, with only 1 domain. A user brings in his home laptop and connects it to the company network without IT's pre-approval. His laptop runs win2000, configured to be part of Workgroup. He does not need to log on to the network, but still can map to known shared folders on the network. We would like to block this method, to safeguard our network against viruses, etc from non-company PCs. Is there a way to disable the 'Workgroup' or force all PCs to be part of the domain?

MAC address 13 years 8 months ago #6503

I say the best way to stop not autorized pc on a LAN is to have a whitelist of MAC address. Any MAC not no the list can't get on the network. BTW for wireless networks this is not good security its too easy to Spoof your MAC

Re: LAN access 13 years 8 months ago #6509

Unfortunately MAC addresses are too easily spoofed.
There is no technical solution for this, its a policy and procedure problem from where I'm standing.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com

Re: LAN access 13 years 8 months ago #6512

You can blacklist his MAC address by assigning a different ip to him that is not in the same range as your network which will prevent him from connecting to the network and using it's resources.

Re: LAN access 13 years 8 months ago #6548

  • nske
  • nske's Avatar
  • Offline
  • Expert Member
  • Expert Member
  • Posts: 613
  • Thank you received: 0
Wizmatic, not necessarily, as sahirh said, the validity of mac addresses can not be determined. Spoofing the mac addr. can be as simple as issuing an ifconfig command in unix or changing a key at the registry in windows.

Re: LAN access 13 years 8 months ago #6552

Yep, I've seen this at many large organisations as well... there is just no way to rely on network addresses (either logical or physical) for authentication, simply because they are so easily changed..

In Linux I believe its as simple as
ifconfig eth0 hw addr ether xx-xx-xx-xx-xx-xx

or something like that...

So you really need to work out the proper policies to prevent the laptop threat.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
  • Page:
  • 1
  • 2
Time to create page: 0.158 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup