Prevent Unauthorized PCs to connect on the LAN

G

George Stoykov

Is there any way that I can prevent any "rogue" PCs to connect on the
company's domain?

I'd like to avoid people bringing their laptops or Pocket PCs and connecting
on the LAN.

Thank you!
 
J

Jon Holvoet

What you are looking for can be implemented with 802.1x:
http://en.wikipedia.org/wiki/802.1x
Of course your current infrastructure must be able to support it.

If such a solution might be too expensive, you can always turn back to
MAC-based control, but this is a solution that is far from secure, due to
the easy spoofing of MAC addresses.

--

Jon Holvoet
MCSA / MCSE Security
Comptia Security+
CISSP


"George Stoykov" <gvs@medicineforthedefense.com> wrote in message
news:uy3OZkR2HHA.2064@TK2MSFTNGP03.phx.gbl...
> Is there any way that I can prevent any "rogue" PCs to connect on the
> company's domain?
>
> I'd like to avoid people bringing their laptops or Pocket PCs and
> connecting on the LAN.
>
> Thank you!
>
 
S

S. Pidgorny

Funnily enough, MAC spoofing also allows bypassing 802.1x security on wired
networks:

http://sl.mvps.org/docs/802dot1x.htm

Go IPsec!

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Jon Holvoet" <jon.no-spam.holvoet@telenet.be> wrote in message
news:OkhPBRS2HHA.1168@TK2MSFTNGP02.phx.gbl...
> What you are looking for can be implemented with 802.1x:
> http://en.wikipedia.org/wiki/802.1x
> Of course your current infrastructure must be able to support it.
>
> If such a solution might be too expensive, you can always turn back to
> MAC-based control, but this is a solution that is far from secure, due to
> the easy spoofing of MAC addresses.
>
> --
>
> Jon Holvoet
> MCSA / MCSE Security
> Comptia Security+
> CISSP
>
>
> "George Stoykov" <gvs@medicineforthedefense.com> wrote in message
> news:uy3OZkR2HHA.2064@TK2MSFTNGP03.phx.gbl...
>> Is there any way that I can prevent any "rogue" PCs to connect on the
>> company's domain?
>>
>> I'd like to avoid people bringing their laptops or Pocket PCs and
>> connecting on the LAN.
>>
>> Thank you!
>>

>
>
 
Back
Top Bottom