Skip to main content

LAN access

More
21 years 1 month ago #1376 by moose
LAN access was created by moose
My company has a win2000 environment, with only 1 domain. A user brings in his home laptop and connects it to the company network without IT's pre-approval. His laptop runs win2000, configured to be part of Workgroup. He does not need to log on to the network, but still can map to known shared folders on the network. We would like to block this method, to safeguard our network against viruses, etc from non-company PCs. Is there a way to disable the 'Workgroup' or force all PCs to be part of the domain?
More
19 years 11 months ago #6503 by Streaminghack
Replied by Streaminghack on topic MAC address
I say the best way to stop not autorized pc on a LAN is to have a whitelist of MAC address. Any MAC not no the list can't get on the network. BTW for wireless networks this is not good security its too easy to Spoof your MAC
More
19 years 11 months ago #6509 by sahirh
Replied by sahirh on topic Re: LAN access
Unfortunately MAC addresses are too easily spoofed.
There is no technical solution for this, its a policy and procedure problem from where I'm standing.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
19 years 11 months ago #6512 by Wizmatic
Replied by Wizmatic on topic Re: LAN access
You can blacklist his MAC address by assigning a different ip to him that is not in the same range as your network which will prevent him from connecting to the network and using it's resources.
More
19 years 11 months ago #6548 by nske
Replied by nske on topic Re: LAN access
Wizmatic, not necessarily, as sahirh said, the validity of mac addresses can not be determined. Spoofing the mac addr. can be as simple as issuing an ifconfig command in unix or changing a key at the registry in windows.
More
19 years 11 months ago #6552 by sahirh
Replied by sahirh on topic Re: LAN access
Yep, I've seen this at many large organisations as well... there is just no way to rely on network addresses (either logical or physical) for authentication, simply because they are so easily changed..

In Linux I believe its as simple as
ifconfig eth0 hw addr ether xx-xx-xx-xx-xx-xx

or something like that...

So you really need to work out the proper policies to prevent the laptop threat.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.136 seconds