[NTLUG:Discuss] How do you secure a LAN?

[Paul Ingendorf]

Blocking access inside your lan:
The only way you can make it so no one gets an ip address from the dhcp
server is to setup a list of known HW Ethernet addresses that you install on
the network and assign each of them a dhcp address manually.  Then your
machine needs to check if addresses are alive or not.  If not then it needs
to take on that address as an alias to itself.  The next time a machine asks
for an ip the machine should release that ip address from it's aliases and
then dole out the address to the trusted machine.  Complicated setup and
would require some custom code to handle everything.

I would recommend a managed switch that would allow you to turn ports on and
off then using a management box turn ports on and off based off traffic and
email yourself an alert that someone has added an unauthorized machine on
port x.  Then you can track down the machine slap the end user on the hand
and they are left wondering were the masked man came from.

Blocking internet access:
If you just want to block access to the internet you can setup a proxy
server that requires people to login before they are allowed onto the
internet.  It is very effective and howtos can be found all over the net.

-----Original Message-----
From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org]On Behalf
Of Bob Byron
Sent: Sunday, December 29, 2002 6:41 PM
To: discuss at ntlug.org
Subject: [NTLUG:Discuss] How do you secure a LAN?


How do you secure a LAN?  Not every point of access is under my
complete control.

I want to make sure that no one connects any PCs that I don't know
about to the company LAN.  What is the best way to secure it?  Ideally,
I would like to have the LAN setup to do DHCP, however, with a user
name and password required to register with DHCP.  But, since that
is not possible (that I know of), I am open for suggestions.

Thank You,
Bob Byron

_______________________________________________
https://ntlug.org/mailman/listinfo/discuss