[NTLUG:Discuss] How do you secure a LAN?
Jim Wildman
jim at rossberry.com
Mon Dec 30 11:15:00 CST 2002
If you are using intelligent switches, you can also turn off all the
ports that are not being used, and perhaps, lock a port to a MAC
address. Remember that MAC's can be set in the software, so this
is not, by itself, foolproof. This also doesn't help with geeks
like us who set up nat boxes, but if you can't trust your geeks, who
can you trust? At the large financial institution for which I work,
our department (which supports the midrange servers) has required an
additional DHCP allotment and skewed the heating and cooling load on
the building. And we all have laptops...
------------------------------------------------------------------------
Jim Wildman, CISSP jim at rossberry.com
http://www.rossberry.com
On Mon, 30 Dec 2002, Bug Hunter wrote:
>
> The best way to do this is to run DHCP, with assignment of IP address
> tied to a MAC address on a network card.
>
> That prevents a machine from getting an address from your dhcp server
> before you have vetted the machine.
>
> bug
>
>
> On Sun, 29 Dec 2002, Bob Byron wrote:
>
> > How do you secure a LAN? Not every point of access is under my
> > complete control.
> >
> > I want to make sure that no one connects any PCs that I don't know
> > about to the company LAN. What is the best way to secure it? Ideally,
> > I would like to have the LAN setup to do DHCP, however, with a user
> > name and password required to register with DHCP. But, since that
> > is not possible (that I know of), I am open for suggestions.
> >
> > Thank You,
> > Bob Byron
>
>
More information about the Discuss
mailing list