How do you control access to your network?
Hi guys
I need to look at solutions to control access to our network. Every day people walk into our building and want an internet connection, so they stick in a network cable and proxy settings and boom, they go. What do you guys use to restrict access to your network? So, even if a service provider plugs in a network cable, they still do not have access or have restricted access?
Please give me as much input as possible as to what options are available and/or what you use.
Thanks in advance
August 13th, 2012 5:59am
Hello,
You can configure DHCP to give IP addresses ONLY to known MAC addresses, or configure switches to allow ONLY traffic from specific MAC addresses. This needs additional administrative tasks, but it is not a bad idea.
However, you can also have a look at NAP: http://technet.microsoft.com/en-us/network/bb545879.aspx
For internet access, you can require authentication by using proxy solutions like Forefront TMG; that way they will not be able to access the internet.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
August 13th, 2012 6:07am
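One way to apply the DHCP allow-list idea from the reply above, as an added example that is not part of the original thread. It assumes the DhcpServer PowerShell module (Windows Server 2012 or later) on the DHCP server; the CSV path and its MacAddress/Owner columns are hypothetical.

```powershell
#Requires -Modules DhcpServer
param(
    [string]$AllowListCsv = 'C:\dhcp\known-macs.csv',  # hypothetical path; columns: MacAddress,Owner
    [switch]$Enforce                                    # without this switch nothing is enforced
)

# Reduce any MAC notation (aa:bb:.., aabb.ccdd.eeff, AA-BB-..) to 12 uppercase hex digits.
function Get-MacKey([string]$Mac) {
    ($Mac -replace '[^0-9A-Fa-f]', '').ToUpper()
}

# Build the allow list from the CSV and reject malformed entries before touching the server.
$known = @{}
foreach ($row in Import-Csv -Path $AllowListCsv) {
    $key = Get-MacKey $row.MacAddress
    if ($key.Length -ne 12) { throw "Not a 48-bit MAC address: '$($row.MacAddress)'" }
    $known[$key] = $row.Owner
}

# 1. Add each known MAC to the server-wide Allow filter, skipping entries already present.
#    Wildcard filters (AA-BB-CC-*) never match a full key, so they are left untouched.
$existing = @(Get-DhcpServerv4Filter -List Allow | ForEach-Object { Get-MacKey $_.MacAddress })
foreach ($key in $known.Keys) {
    if ($existing -notcontains $key) {
        $dashed = ($key -split '(..)' | Where-Object { $_ }) -join '-'
        Add-DhcpServerv4Filter -List Allow -MacAddress $dashed -Description $known[$key]
    }
}

# 2. Report active leases whose client is NOT in the CSV: these devices would stop
#    getting addresses once the allow list is enforced, so review them first.
$unknown = Get-DhcpServerv4Scope | Get-DhcpServerv4Lease |
    Where-Object { -not $known.ContainsKey((Get-MacKey $_.ClientId)) } |
    Select-Object ScopeId, IPAddress, ClientId, HostName
$unknown | Format-Table -AutoSize

# 3. Turn the allow list on only when explicitly requested.
if ($Enforce) {
    Set-DhcpServerv4FilterList -Allow $true
    Write-Output "Allow list enforced; $(@($unknown).Count) current lease(s) are not on it."
} else {
    Write-Output "Dry run: allow list populated but not enforced. Re-run with -Enforce."
}
```

Run it without `-Enforce` first and review the reported leases. The filter only governs which clients the DHCP server answers, so it complements rather than replaces the switch-level and NAP controls suggested elsewhere in the thread.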
Hi,
Every day people walk into our building and want an internet connection, so they stick in a network cable and proxy settings and boom, they go.
First and foremost, strengthen your building security and do not allow unauthorized personnel to enter your office premises!!!
Please refer to similar discussions which might help in your case:
Using NAP to Secure DHCP
http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/ae64f4ff-ec5b-4ff9-9395-0870d1acca5a/
Prevent unauthorized users from gaining network access?
http://serverfault.com/questions/82371/prevent-unauthorized-users-from-gaining-network-access
You might get additional input in the Network Access Protection forum:
http://social.technet.microsoft.com/Forums/en-US/winserverNAP/threads
I do not represent the organisation I work for, all the opinions expressed here are my own.
This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
- .... .- -. -.- ... --..-- ... .- -. - --- ... ....
August 13th, 2012 6:13am
Actually, if you want to control access to the network, configure MAC-based filtering on your switch. That way, plugging a cable in will do nothing unless you also configure the switch to allow that MAC on the port.
August 13th, 2012 6:18am
People coming in, attaching a network cable and accessing the internet is actually a threat. If they start using the internet through your local proxy, that means they can exploit your local network and its shared resources too.
However, if you want to restrict internet access, you should start restricting them directly at the proxy server, using authentication or binding the IP address of the machine. Both of these can be easily achieved using Forefront Threat Management Gateway or ISA Server.
For network security you should go forward with NAP:
http://technet.microsoft.com/en-us/network/bb545879.aspx
http://www.arabitpro.com
August 13th, 2012 6:45am
Hello,
You can configure DHCP to give IP addresses ONLY to known MAC addresses. This needs additional administrative tasks, but it is not a bad idea.
However, you can also have a look at NAP: http://technet.microsoft.com/en-us/network/bb545879.aspx
For internet access, you can require authentication by using proxy solutions like Forefront TMG; that way they will not be able to access the internet.
Thanks for your reply
I will look at NAP and the reserving of MAC addresses. We do have a product in place with our service provider which does authentication for the proxy.
August 13th, 2012 6:46am
Hi,
Every day people walk into our building and want an internet connection, so they stick in a network cable and proxy settings and boom, they go.
First and foremost, strengthen your building security and do not allow unauthorized personnel to enter your office premises!!!
Please refer to similar discussions which might help in your case:
Using NAP to Secure DHCP
http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/ae64f4ff-ec5b-4ff9-9395-0870d1acca5a/
Prevent unauthorized users from gaining network access?
http://serverfault.com/questions/82371/prevent-unauthorized-users-from-gaining-network-access
You might get additional input in the Network Access Protection forum:
http://social.technet.microsoft.com/Forums/en-US/winserverNAP/threads
Thanks for your response. I will look into NAP, thanks, and the other links you provided.
Re: your first point. We do have a number of controls in place which restrict physical access to the building, so that is not an issue. I just called it "Every day people walk into our building and want an internet connection, so they stick in a network cable and proxy settings and boom, they go." :)
August 13th, 2012 6:49am
Actually, if you want to control access to the network, configure MAC-based filtering on your switch. That way, plugging a cable in will do nothing unless you also configure the switch to allow that MAC on the port.
Thanks for the idea. Will look into it as an option
August 13th, 2012 6:53am
People coming in, attaching a network cable and accessing the internet is actually a threat. If they start using the internet through your local proxy, that means they can exploit your local network and its shared resources too.
However, if you want to restrict internet access, you should start restricting them directly at the proxy server, using authentication or binding the IP address of the machine. Both of these can be easily achieved using Forefront Threat Management Gateway or ISA Server.
For network security you should go forward with NAP:
http://technet.microsoft.com/en-us/network/bb545879.aspx
http://www.arabitpro.com
Thanks, I will look into this. What do you use in your company for these security measures?
August 13th, 2012 6:55am