Guest MSExchangeStudent Posted August 13, 2007 Posted August 13, 2007 Hi all I have a win 2003 Server SP2 which is my domain controller and DHCP on it. From time to time someone plug in a laptop into a network point; get a IP; and can then use the internet, etc. How do i prevent someone from just plugging in the network cable and having access to my network. Except obviously reserving a IP for all the MAC adresses on my network; which will take me a year to do. Anthing i can block him from getting a IP from DHCP or maybe let he get a message to contact the system administrator.... Hope this is clear
Guest Phillip Windell Posted August 13, 2007 Posted August 13, 2007 Re: How do i prevent someone from accesing my LAN "MSExchangeStudent" <exchangestudent@newsgroups.com> wrote in message news:%23iuwDnY3HHA.1168@TK2MSFTNGP02.phx.gbl... > I have a win 2003 Server SP2 which is my domain controller and DHCP on it. > From time to time someone plug in a laptop into a network point; get a IP; > and can then use the internet, etc. How do i prevent someone from just > plugging in the network cable and having access to my network. Except > obviously reserving a IP for all the MAC adresses on my network; which > will take me a year to do. Anthing i can block him from getting a IP from > DHCP or maybe let he get a message to contact the system administrator.... > Hope this is clear Options: 1. A big gaurd dog that doesn't like laptops 2. Don't use DHCP 3. Don't let your wall jacks be available to the public (secure your physical building) 4. Don't leave your wall jacks "hot". Unplug the patch cable at the MDF of IDF when there is not a legitament user using it. 5. Buy the capable equipment and research how to deploy the 802.1x standard (assuming I got my 802 numbers correct). It is a type of pre-authentication that requires a certain amount of authentication before the Client is allowed to get a IP configuration for the LAN. 6. Disable/remove/disconnect the cabling and go with Wireless that is using at least WPA encryption,...then no one can get on the LAN without the "key". Have a separate WAP for Guests that is on its own subnet that you can leave turned off until it is actually needed for someone,...that is obvioulsy the same theory as leaving the wall jacks "dead" until needed on the wired system. Since it would only be turned on "as needed" and would be on a separate subnet you could possibly leave it unsecured. -- Phillip Windell http://www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
Guest SeriousSam Posted August 13, 2007 Posted August 13, 2007 Re: How do i prevent someone from accesing my LAN I liked the Guard dog option best, Mr. Windell hahaha. That was fun. Although I have never actually done it, I know it is also possible to use Vendor Class iD to limit access to your DHCP scope. Here is a link that discusses it. http://support.microsoft.com/kb/240247 . Hope that helps! "MSExchangeStudent" <exchangestudent@newsgroups.com> wrote in message news:%23iuwDnY3HHA.1168@TK2MSFTNGP02.phx.gbl... > Hi all > > I have a win 2003 Server SP2 which is my domain controller and DHCP on it. > From time to time someone plug in a laptop into a network point; get a IP; > and can then use the internet, etc. How do i prevent someone from just > plugging in the network cable and having access to my network. Except > obviously reserving a IP for all the MAC adresses on my network; which > will take me a year to do. Anthing i can block him from getting a IP from > DHCP or maybe let he get a message to contact the system administrator.... > Hope this is clear >
Guest Phillip Windell Posted August 13, 2007 Posted August 13, 2007 Re: How do i prevent someone from accesing my LAN "SeriousSam" <Pleasereply@newsgrouponly.com> wrote in message news:uOkUlnc3HHA.1900@TK2MSFTNGP02.phx.gbl... >I liked the Guard dog option best, Mr. Windell hahaha. That was fun. :-) > Although I have never actually done it, I know it is also possible to use > Vendor Class iD to limit access to your DHCP scope. Here is a link that > discusses it. http://support.microsoft.com/kb/240247 . Hope that helps! Ok. -- Phillip Windell http://www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
Guest MSExchangeStudent Posted August 14, 2007 Posted August 14, 2007 Re: How do i prevent someone from accesing my LAN Thank you phillip and SeriousSam "Phillip Windell" <philwindell@hotmail.com> wrote in message news:ug$MWpc3HHA.5160@TK2MSFTNGP05.phx.gbl... > > "SeriousSam" <Pleasereply@newsgrouponly.com> wrote in message > news:uOkUlnc3HHA.1900@TK2MSFTNGP02.phx.gbl... >>I liked the Guard dog option best, Mr. Windell hahaha. That was fun. > > :-) > >> Although I have never actually done it, I know it is also possible to >> use Vendor Class iD to limit access to your DHCP scope. Here is a link >> that discusses it. http://support.microsoft.com/kb/240247 . Hope that >> helps! > > Ok. > > -- > Phillip Windell > http://www.wandtv.com > > The views expressed, are my own and not those of my employer, or > Microsoft, or anyone else associated with me, including my cats. > ----------------------------------------------------- > >
Guest Rayees Posted August 16, 2007 Posted August 16, 2007 Re: How do i prevent someone from accesing my LAN Hi Based on the scenario described by your, I suggest you to use Network admission control (NAC). Which will solve your problem. Analyse the complete need, you must use DHCP Enforcer along with 802.1x which can solve the purpose. At this moment microsoft don't have any out of box solution and the NAC is going to be part of Windows server 2008. If you can't wait till that time, you can use thirdparty product like CISCO NAC or Symantec NAC. Regards Rayees
Recommended Posts