"MSExchangeStudent" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> I have a win 2003 Server SP2 which is my domain controller and DHCP on it.
> From time to time someone plug in a laptop into a network point; get a IP;
> and can then use the internet, etc. How do i prevent someone from just
> plugging in the network cable and having access to my network. Except
> obviously reserving a IP for all the MAC adresses on my network; which
> will take me a year to do. Anthing i can block him from getting a IP from
> DHCP or maybe let he get a message to contact the system administrator....
> Hope this is clear
Options:
1. A big gaurd dog that doesn't like laptops
2. Don't use DHCP
3. Don't let your wall jacks be available to the public (secure your
physical building)
4. Don't leave your wall jacks "hot". Unplug the patch cable at the MDF of
IDF when there is not a legitament user using it.
5. Buy the capable equipment and research how to deploy the 802.1x standard
(assuming I got my 802 numbers correct). It is a type of pre-authentication
that requires a certain amount of authentication before the Client is
allowed to get a IP configuration for the LAN.
6. Disable/remove/disconnect the cabling and go with Wireless that is using
at least WPA encryption,...then no one can get on the LAN without the "key".
Have a separate WAP for Guests that is on its own subnet that you can leave
turned off until it is actually needed for someone,...that is obvioulsy the
same theory as leaving the wall jacks "dead" until needed on the wired
system. Since it would only be turned on "as needed" and would be on a
separate subnet you could possibly leave it unsecured.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Similar Threads
Linear Mode
