Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: LAN access

LAN access 13 years 1 month ago #1376

  • moose
  • moose's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
My company has a win2000 environment, with only 1 domain. A user brings in his home laptop and connects it to the company network without IT's pre-approval. His laptop runs win2000, configured to be part of Workgroup. He does not need to log on to the network, but still can map to known shared folders on the network. We would like to block this method, to safeguard our network against viruses, etc from non-company PCs. Is there a way to disable the 'Workgroup' or force all PCs to be part of the domain?
The administrator has disabled public write access.

MAC address 11 years 11 months ago #6503

I say the best way to stop not autorized pc on a LAN is to have a whitelist of MAC address. Any MAC not no the list can't get on the network. BTW for wireless networks this is not good security its too easy to Spoof your MAC
The administrator has disabled public write access.

Re: LAN access 11 years 11 months ago #6509

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Unfortunately MAC addresses are too easily spoofed.
There is no technical solution for this, its a policy and procedure problem from where I'm standing.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: LAN access 11 years 11 months ago #6512

  • Wizmatic
  • Wizmatic's Avatar
  • Offline
  • New Member
  • Posts: 13
  • Karma: 0
You can blacklist his MAC address by assigning a different ip to him that is not in the same range as your network which will prevent him from connecting to the network and using it's resources.
The administrator has disabled public write access.

Re: LAN access 11 years 11 months ago #6548

  • nske
  • nske's Avatar
  • Offline
  • Expert Member
  • Posts: 613
  • Karma: 0
Wizmatic, not necessarily, as sahirh said, the validity of mac addresses can not be determined. Spoofing the mac addr. can be as simple as issuing an ifconfig command in unix or changing a key at the registry in windows.
The administrator has disabled public write access.

Re: LAN access 11 years 11 months ago #6552

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Yep, I've seen this at many large organisations as well... there is just no way to rely on network addresses (either logical or physical) for authentication, simply because they are so easily changed..

In Linux I believe its as simple as
ifconfig eth0 hw addr ether xx-xx-xx-xx-xx-xx

or something like that...

So you really need to work out the proper policies to prevent the laptop threat.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.086 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup