[NTLUG:Discuss] How do you secure a LAN?
Bob Byron
bbyron at radit.com
Sat Jan 4 13:51:30 CST 2003
Lots of good options here, but my goal is simply to get the most accurate
count of internet users, so I can more efficiently allocate resources. If I
allow internet access based on MAC address, that gets me closest to
attaining my goal. I would ultimately like to track bandwidth usage at
the MAC/user level.
Bob
----- Original Message -----
From: "rob apodaca" <rob.apodaca at attbi.com>
To: <discuss at ntlug.org>
Cc: <ntlug at radit.com>
Sent: Tuesday, December 31, 2002 9:11 AM
Subject: Re: [NTLUG:Discuss] How do you secure a LAN?
An interesting problem. You could definatly use DHCP and mac-addresses
to control which PC's could obtain IP addresses automatically, but
this doesn't prevent someone from using a static IP address and then
accessing network resources. You may want to think about the network
resources you trying to protect. Internet access? Web Server? Telnet
Server? MS Shares? FTP Server? NFS Shares? In my opinion, if you
secure your resources, you should not have to worry about who plugs
what box into where because the situation you are describing is
exactly like the internet. It is an untrusted network therefore, you
need to lock down your recources (the stuff you do control) and don't
worry about what you do not control.
Perhaps you could isolate your segment of the lan (the part you do
have complete control of) with a firewall? You could allow only the
machines of your choosing access to your recources.
Hope this has been useful.
Cheers,
-rob
_______________________________________________
https://ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list