[NTLUG:Discuss] How do you secure a LAN?
Bug Hunter
bughuntr at one.ctelcom.net
Mon Dec 30 18:42:35 CST 2002
Yes, that is true. You still have to go to the trouble of setting up
each machine. There are three advantages that I see:
1) IP address documentation in one place
2) Forces the user to come to you before the machine is authorized to
connect to the network.
3) You can shut down a machine remotely, if the Lease time on the
address is short.
The requestor's comment was he wanted to approve each machine before it
got an ip address. I assume this is to cut down on rogue machines.
Note that you would have to create 255 entries that assign ip's to a
real machine's nic card to keep an enterprising person from setting up a
static ip without telling you. You want the response to "unassigned" ip
addresses to be "IP address is already in use" when the user tries to get
out on the network with a rogue machine.
Big, big headache for the most part.
bug
On 30 Dec 2002, Wayne Dahl wrote:
> On Mon, 2002-12-30 at 10:17, Bug Hunter wrote:
> >
> > The best way to do this is to run DHCP, with assignment of IP address
> > tied to a MAC address on a network card.
> >
> > That prevents a machine from getting an address from your dhcp server
> > before you have vetted the machine.
> >
> > bug
>
> Aside from the fact that a machine may not be online and the IP address
> is not being used, how is this different from static IP's? You still
> have to go to the trouble of setting it all up for each machine, do you
> not?
>
> Wayne
>
More information about the Discuss
mailing list