[NTLUG:Discuss] How do you secure a LAN?

Bob Byron ntlug at radit.com
Sat Jan 4 14:03:58 CST 2003 

Thank you for your suggestion.  I did review squid.

At first look, I am disinclined to use squid due to it requiring proxy
setup for access.  I have a wide variety of systems I have to support and
I don't know that they would all be able to use proxy settings.  Allowing
the firewall to choose whether or not to accept or deny access based on
the MAC allows me to turn everything on, or off for a user.  I also don't
have to worry that the proxy server might be giving me problems.  I can
write a webapp pretty quick to make the MAC/user firewall changes, and
that should be all that I need to control my little world.

Thanks Again,
Bob
----- Original Message ----- 
From: "Paul Ingendorf" <pauldy at wantek.net>
To: <discuss at ntlug.org>
Sent: Tuesday, December 31, 2002 10:19 AM
Subject: Re: [NTLUG:Discuss] How do you secure a LAN?


Might I suggest rather than reinventing the wheel, a simple proxy app that 
requires the end user login prior to allowing access be used.  If I remember 
right squid will allow you to do this with a minor headache.

Quoting Bob Byron <bbyron at radit.com>:

> Thank You for all the insight.  After taking all of this into
> consideration,
> this is what I am going to do.  DHCP will be the address controller.  
> They can log onto the LAN at their convenience.  However, I am going 
> to write a web application that will update the firewall to allow
> internet
> access based on specific MAC address.  In order for a machine to go
> onto the internet, they must be self approved via the webapp, but that
> 
> does log the information and let's me know about the new machine.
> 
> There are too many logistical issues for me to control the ports on
> the
> switch directly.  The effort would be enourmous and inconvenient for
> the user.  This offers the desired control.
> 
> Thanks Again,
> Bob Byron
> 
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
> 



-- 
-->> mailto:pauldy at wantek.net
-->> http://www.wantek.net/
Running ....... Cos anything else would be a waste...
`:::\'                  .......  ......
 :::  *                  `::.    ::\'
 ::: .::  .:.::.  .:: .::  `::. :\'
 :::  ::   ::  ::  ::  ::    :::.
 ::: .::. .::  ::.  `::::. .:\'  ::.
:::.....................::\'   .::::..

_______________________________________________
https://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list