How do you control access to your network?
Hi guys I need to look at solutions as to control access to our network. Everyday people walk into our buidling and wants a internet connection so they stick in a network cable and proxy settings and boom, they go. What do you guys use to restrict access to your network? So, even if a service provider plug in a network cable they still do not have access or do have restricted access? Pls give me as much input as possible as to what options are available and/or what you use? Thanks in advance
August 13th, 2012 5:59am

Hello, You can configure DHCP to give IP addresses ONLY to known MAC addresses or switches to allow ONLY traffic from specific MAC addresses. This needs additional administrative tasks but it is not bad as an idea. However, you can also have a look to NAP: http://technet.microsoft.com/en-us/network/bb545879.aspx For internet access, you can require authentication by using Proxy solutions like Forefront TMG and like that they will not be able to access internet. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer
Free Windows Admin Tool Kit Click here and download it now
August 13th, 2012 6:07am

Hi, Everyday people walk into our buidling and wants a internet connection so they stick in a network cable and proxy settings and boom, they go. First and foremost thing, strengthen up your building security and do not allow unauthorized personals entering your office premises !!! Please refer similar discussions which might help in your case Using NAP to Secure DHCP http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/ae64f4ff-ec5b-4ff9-9395-0870d1acca5a/ Prevent unauthorized users from gaining network access? http://serverfault.com/questions/82371/prevent-unauthorized-users-from-gaining-network-access You might get additional inputs in Network Access Protection forum http://social.technet.microsoft.com/Forums/en-US/winserverNAP/threads I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....
August 13th, 2012 6:13am

actually, if you want to control access to the network, configure mac based filtering on your switch. that way, plugging a cable in will do nothing unless you also configure the switch to allow that mac on the port
Free Windows Admin Tool Kit Click here and download it now
August 13th, 2012 6:18am

People coming in attaching network cable and accessing internet is actually a threat. If they start using internet using your local proxy that mean they can exploit your local network and there shared resources too. How ever if you want to restrict the internet access you should start restricting them directly from the proxy server using the authentication or binding the ip address of the machine. The mentioned 2 things can be easily achieved using the fore front threat management gateway or ISA server. for network security you should look forward with the NAP http://technet.microsoft.com/en-us/network/bb545879.aspx http://www.arabitpro.com
August 13th, 2012 6:45am

Hello, You can configure DHCP to give IP addresses ONLY to known MAC addresses. This needs additional administrative tasks but it is not bad as an idea. However, you can also have a look to NAP: http://technet.microsoft.com/en-us/network/bb545879.aspx For internet access, you can require authentication by using Proxy solutions like Forefront TMG and like that they will not be able to access internet. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer Thanks for your reply I will look at NAP and the reserving of MAC adresses. We do have a product in place with our service provider which does authentication for the proxy.
Free Windows Admin Tool Kit Click here and download it now
August 13th, 2012 6:46am

Hi, Everyday people walk into our buidling and wants a internet connection so they stick in a network cable and proxy settings and boom, they go. First and foremost thing, strengthen up your building security and do not allow unauthorized personals entering your office premises !!! Please refer similar discussions which might help in your case Using NAP to Secure DHCP http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/ae64f4ff-ec5b-4ff9-9395-0870d1acca5a/ Prevent unauthorized users from gaining network access? http://serverfault.com/questions/82371/prevent-unauthorized-users-from-gaining-network-access You might get additional inputs in Network Access Protection forum http://social.technet.microsoft.com/Forums/en-US/winserverNAP/threads I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... .... Thanks for your response. I will lok into NAP thanks and the other links you provided Re: your first point. We do have a number of controls in place which restrict physical access to the building so that is not an issue. I just called it "Everyday people walk into our buidling and wants a internet connection so they stick in a network cable and proxy settings and boom, they go." :)
August 13th, 2012 6:49am

actually, if you want to control access to the network, configure mac based filtering on your switch. that way, plugging a cable in will do nothing unless you also configure the switch to allow that mac on the port Thanks for the idea. Will look into it as an option
Free Windows Admin Tool Kit Click here and download it now
August 13th, 2012 6:53am

People coming in attaching network cable and accessing internet is actually a threat. If they start using internet using your local proxy that mean they can exploit your local network and there shared resources too. How ever if you want to restrict the internet access you should start restricting them directly from the proxy server using the authentication or binding the ip address of the machine. The mentioned 2 things can be easily achieved using the fore front threat management gateway or ISA server. for network security you should look forward with the NAP http://technet.microsoft.com/en-us/network/bb545879.aspx http://www.arabitpro.com Thanks, i will look into this. What do you use in your company for these security messures?
August 13th, 2012 6:55am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics