[NTLUG:Discuss] How do you secure a LAN?

rob apodaca rob.apodaca at attbi.com
Tue Dec 31 09:11:14 CST 2002


On Sun, 29 Dec 2002 18:41:12 -0600
"Bob Byron" <ntlug at radit.com> wrote:

> How do you secure a LAN?  Not every point of access is under my 
> complete control.
> 
> I want to make sure that no one connects any PCs that I don't know
> about to the company LAN.  What is the best way to secure it? 
> Ideally, I would like to have the LAN set up to do DHCP, however,
> with a user name and password required to register with DHCP.  But,
> since that is not possible (that I know of), I am open for
> suggestions.
> 
> Thank You,
> Bob Byron
> 

An interesting problem. You could definitely use DHCP and MAC addresses
to control which PCs could obtain IP addresses automatically, but
this doesn't prevent someone from using a static IP address and then
accessing network resources. You may want to think about the network
resources you are trying to protect. Internet access? Web Server? Telnet
Server? MS Shares? FTP Server? NFS Shares? In my opinion, if you
secure your resources, you should not have to worry about who plugs
what box into where because the situation you are describing is
exactly like the internet. It is an untrusted network; therefore, you
need to lock down your resources (the stuff you do control) and don't
worry about what you do not control.

Perhaps you could isolate your segment of the LAN (the part you do
have complete control of) with a firewall? You could allow only the
machines of your choosing access to your resources.

Hope this has been useful.
Cheers,
-rob
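
Added example, not part of the original post: a small audit that compares the MAC addresses registered for DHCP against what is actually on the wire, which surfaces the statically addressed machines that a DHCP allow-list alone cannot stop. It assumes ISC dhcpd-style host declarations and a Linux /proc/net/arp layout; every host name and address below is constructed sample data.

```python
import re

# Constructed sample: ISC dhcpd.conf fragment that only serves registered MACs.
DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.150;
  deny unknown-clients;   # unregistered MACs get no lease
}
host alice-pc { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.1.10; }
host bob-pc   { hardware ethernet 00:11:22:33:44:66; fixed-address 192.168.1.11; }
"""

# Constructed sample in the Linux /proc/net/arp layout.
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.11     0x1         0x2         00:11:22:33:44:66     *        eth0
192.168.1.77     0x1         0x2         00:AA:BB:CC:DD:EE     *        eth0
192.168.1.12     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

HOST_RE = re.compile(
    r"host\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;", re.S)

def registered_macs(conf):
    """Map lower-cased MAC -> host name from dhcpd host declarations."""
    conf = re.sub(r"#.*", "", conf)          # drop comments before matching
    return {mac.lower(): name for name, mac in HOST_RE.findall(conf)}

def arp_entries(table):
    """Yield (ip, mac) for completed ARP entries, skipping the header row."""
    for line in table.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":   # 0x2 = entry complete
            yield ip, mac

def unknown_hosts(conf, table):
    """Hosts seen on the LAN whose MAC is not registered with DHCP."""
    known = registered_macs(conf)
    return [(ip, mac) for ip, mac in arp_entries(table) if mac not in known]

if __name__ == "__main__":
    for ip, mac in unknown_hosts(DHCPD_CONF, ARP_TABLE):
        print(f"unregistered host on LAN: {ip} ({mac})")
```

A MAC address can be changed by whoever controls the machine, so a check like this is an inventory aid and not authentication; access to the resources themselves still has to be locked down.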