How do I prevent someone from accessing my LAN


MSExchangeStudent

Hi all

I have a Win 2003 Server SP2 which is my domain controller, with DHCP on it.
From time to time someone plugs a laptop into a network point, gets an IP,
and can then use the internet, etc. How do I prevent someone from just
plugging in the network cable and having access to my network? Except
obviously reserving an IP for all the MAC addresses on my network, which will
take me a year to do. Anything I can do to block him from getting an IP from
DHCP, or maybe let him get a message to contact the system administrator....
Hope this is clear
 
"MSExchangeStudent" <exchangestudent@newsgroups.com> wrote in message
news:%23iuwDnY3HHA.1168@TK2MSFTNGP02.phx.gbl...

> I have a Win 2003 Server SP2 which is my domain controller, with DHCP on it.
> From time to time someone plugs a laptop into a network point, gets an IP,
> and can then use the internet, etc. How do I prevent someone from just
> plugging in the network cable and having access to my network? Except
> obviously reserving an IP for all the MAC addresses on my network, which
> will take me a year to do. Anything I can do to block him from getting an IP
> from DHCP, or maybe let him get a message to contact the system
> administrator.... Hope this is clear


Options:

1. A big guard dog that doesn't like laptops

2. Don't use DHCP

3. Don't let your wall jacks be available to the public (secure your
physical building)

4. Don't leave your wall jacks "hot". Unplug the patch cable at the MDF or
IDF when there is not a legitimate user using it.

5. Buy the capable equipment and research how to deploy the 802.1x standard
(assuming I got my 802 numbers correct). It is a type of pre-authentication
that requires a certain amount of authentication before the Client is
allowed to get an IP configuration for the LAN.

6. Disable/remove/disconnect the cabling and go with Wireless that is using
at least WPA encryption,...then no one can get on the LAN without the "key".
Have a separate WAP for Guests that is on its own subnet that you can leave
turned off until it is actually needed for someone,...that is obviously the
same theory as leaving the wall jacks "dead" until needed on the wired
system. Since it would only be turned on "as needed" and would be on a
separate subnet you could possibly leave it unsecured.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
 
I liked the Guard dog option best, Mr. Windell hahaha. That was fun.
Although I have never actually done it, I know it is also possible to use
Vendor Class ID to limit access to your DHCP scope. Here is a link that
discusses it. http://support.microsoft.com/kb/240247 . Hope that helps!


"MSExchangeStudent" <exchangestudent@newsgroups.com> wrote in message
news:%23iuwDnY3HHA.1168@TK2MSFTNGP02.phx.gbl...
> Hi all
>
> I have a Win 2003 Server SP2 which is my domain controller, with DHCP on it.
> From time to time someone plugs a laptop into a network point, gets an IP,
> and can then use the internet, etc. How do I prevent someone from just
> plugging in the network cable and having access to my network? Except
> obviously reserving an IP for all the MAC addresses on my network, which
> will take me a year to do. Anything I can do to block him from getting an IP
> from DHCP, or maybe let him get a message to contact the system
> administrator.... Hope this is clear
>
 
"SeriousSam" <Pleasereply@newsgrouponly.com> wrote in message
news:uOkUlnc3HHA.1900@TK2MSFTNGP02.phx.gbl...
>I liked the Guard dog option best, Mr. Windell hahaha. That was fun.


:-)

> Although I have never actually done it, I know it is also possible to use
> Vendor Class ID to limit access to your DHCP scope. Here is a link that
> discusses it. http://support.microsoft.com/kb/240247 . Hope that helps!


Ok.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
 
Thank you Phillip and SeriousSam

"Phillip Windell" <philwindell@hotmail.com> wrote in message
news:ug$MWpc3HHA.5160@TK2MSFTNGP05.phx.gbl...
>
> "SeriousSam" <Pleasereply@newsgrouponly.com> wrote in message
> news:uOkUlnc3HHA.1900@TK2MSFTNGP02.phx.gbl...
>>I liked the Guard dog option best, Mr. Windell hahaha. That was fun.

>
> :-)
>
>> Although I have never actually done it, I know it is also possible to
>> use Vendor Class ID to limit access to your DHCP scope. Here is a link
>> that discusses it. http://support.microsoft.com/kb/240247 . Hope that
>> helps!

>
> Ok.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft, or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
 
Hi

Based on the scenario you described, I suggest you use Network
Admission Control (NAC), which will solve your problem.

Analysing the complete need, you must use DHCP Enforcer along with 802.1x,
which can serve the purpose. At this moment Microsoft doesn't have any
out-of-the-box solution, and the NAC is going to be part of Windows Server 2008.

If you can't wait till that time, you can use a third-party product like Cisco
NAC or Symantec NAC.

Regards
Rayees
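
Added example, not part of any post in this thread: the MAC reservation route the original question calls too slow by hand can be scripted by comparing the DHCP server's current leases with an asset inventory, generating `netsh dhcp server scope ... add reservedip` commands for known machines and listing unknown devices for follow-up. The scope address, inventory and lease rows below are constructed sample data, and `normalize_mac` and `audit_leases` are hypothetical helper names.

```python
import re

# Constructed sample data (assumptions, not from the thread).
SCOPE = "192.168.1.0"
INVENTORY = {                      # approved MAC -> asset name
    "00-1A-2B-3C-4D-5E": "ACCT-PC01",
    "001a.2b3c.4d5f": "HR-PC02",
}
LEASES = [                         # (ip, mac, hostname) as exported from DHCP
    ("192.168.1.50", "00:1a:2b:3c:4d:5e", "acct-pc01"),
    ("192.168.1.51", "00-1A-2B-3C-4D-5F", "hr-pc02"),
    ("192.168.1.77", "00:de:ad:12:34:56", "visitor-laptop"),
    ("192.168.1.78", "not-a-mac", "garbled-entry"),
]


def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def audit_leases(leases, inventory, scope):
    """Return (reservation commands for known hosts, leases needing review)."""
    known = {}
    for mac, name in inventory.items():
        norm = normalize_mac(mac)
        if norm is not None:       # skip malformed inventory rows
            known[norm] = name
    reservations, unknown = [], []
    for ip, mac, host in leases:
        norm = normalize_mac(mac)
        if norm in known:
            reservations.append(
                f"netsh dhcp server scope {scope} add reservedip "
                f"{ip} {norm} {known[norm]}")
        else:                      # unapproved or unparseable MAC
            unknown.append((ip, mac, host))
    return reservations, unknown


if __name__ == "__main__":
    commands, review = audit_leases(LEASES, INVENTORY, SCOPE)
    print("\n".join(commands))
    for ip, mac, host in review:
        print(f"REVIEW: {ip} {mac} {host}")
```

Reservations only control who DHCP hands an address to; a machine configured with a static address is unaffected, which is why the replies point to 802.1x and NAC for actual port-level authentication.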
 