Prevent Unauthorized PCs to connect on the LAN

  • Thread starter Thread starter George Stoykov
  • Start date Start date
G

George Stoykov

Is there any way that I can prevent any "rogue" PCs to connect on the
company's domain?

I'd like to avoid people bringing their laptops or Pocket PCs and connecting
on the LAN.

Thank you!
 
What you are looking for can be implemented with 802.1x:
http://en.wikipedia.org/wiki/802.1x
Of course your current infrastructure must be able to support it.

If such a solution might be too expensive, you can always turn back to
MAC-based control, but this is a solution that is far from secure, due to
the easy spoofing of MAC addresses.

--

Jon Holvoet
MCSA / MCSE Security
Comptia Security+
CISSP


"George Stoykov" <gvs@medicineforthedefense.com> wrote in message
news:uy3OZkR2HHA.2064@TK2MSFTNGP03.phx.gbl...
> Is there any way that I can prevent any "rogue" PCs to connect on the
> company's domain?
>
> I'd like to avoid people bringing their laptops or Pocket PCs and
> connecting on the LAN.
>
> Thank you!
>
 
Funnily enough, MAC spoofing also allows bypassing 802.1x security on wired
networks:

http://sl.mvps.org/docs/802dot1x.htm

Go IPsec!

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Jon Holvoet" <jon.no-spam.holvoet@telenet.be> wrote in message
news:OkhPBRS2HHA.1168@TK2MSFTNGP02.phx.gbl...
> What you are looking for can be implemented with 802.1x:
> http://en.wikipedia.org/wiki/802.1x
> Of course your current infrastructure must be able to support it.
>
> If such a solution might be too expensive, you can always turn back to
> MAC-based control, but this is a solution that is far from secure, due to
> the easy spoofing of MAC addresses.
>
> --
>
> Jon Holvoet
> MCSA / MCSE Security
> Comptia Security+
> CISSP
>
>
> "George Stoykov" <gvs@medicineforthedefense.com> wrote in message
> news:uy3OZkR2HHA.2064@TK2MSFTNGP03.phx.gbl...
>> Is there any way that I can prevent any "rogue" PCs to connect on the
>> company's domain?
>>
>> I'd like to avoid people bringing their laptops or Pocket PCs and
>> connecting on the LAN.
>>
>> Thank you!
>>
>
>
 
Back
Top