Intruders....?

Hi guys this is the first time that I write on this service.
I am from Mexico so sorry for any syntax error.
Well, I would like to know if somebody is having problems with "intruders"
on your LAN?
Here is the history...
I am working in a company with several visits from corporate office and of
course I have to leave several services (network nodes) activated for these
visits.
Unfortunately, we received other kind of people (suppliers, consultants,
outsourcing etc...) , with their own pc´s, and they conect their laptops on
this active network nodes sometimes without asking for any permission to use
our LAN resources.
I have a DHCP server and of course I can not reserve IP addresses for each
pc that is conected to our network.
So, I want to know if somebody is using a "special" software in order to
"catch" any intruder in the LAN in real time, (we have seen some solutions
using hardare but it is not affordable for us), also the only way to check
for intruders is checking daily the DHCP server for unidentified pcs.
Do you know if there is a software solution for a Windows 2000 server
environment to check intruders in the LAN?.
Thanks in advanced.

MCP Ricardo Lopez
(E-Mail Removed)

Normally most of the monitoring software you see out there
is for the points of entry e.g., firewall or router connected to
the outside world. Physical access is a different story. Once
a person gains physical access to your LAN things become
much more complicated. One question that comes to mind is
how can a visitor plug their laptop into your LAN and gain
access to your domain resources without credentials?

"Ricardo Lopez" <(E-Mail Removed)> wrote in message news:
> Hi guys this is the first time that I write on this service.
> I am from Mexico so sorry for any syntax error.
> Well, I would like to know if somebody is having problems with "intruders"
> on your LAN?
> Here is the history...
> I am working in a company with several visits from corporate office and of
> course I have to leave several services (network nodes) activated for
> these
> visits.
> Unfortunately, we received other kind of people (suppliers, consultants,
> outsourcing etc...) , with their own pc´s, and they conect their laptops
> on
> this active network nodes sometimes without asking for any permission to
> use
> our LAN resources.
> I have a DHCP server and of course I can not reserve IP addresses for each
> pc that is conected to our network.
> So, I want to know if somebody is using a "special" software in order to
> "catch" any intruder in the LAN in real time, (we have seen some solutions
> using hardare but it is not affordable for us), also the only way to check
> for intruders is checking daily the DHCP server for unidentified pcs.
> Do you know if there is a software solution for a Windows 2000 server
> environment to check intruders in the LAN?.
> Thanks in advanced.
>

Network security means physical control of the building as well,...computer
technology won't solve everything.

You could set aside a subnet and make sure that all the wall outlets that
are accessable to outsiders bringing in machines are physically connected to
the subnet,...then don't provide DHCP for that subnet,...this forces them to
come to you to get a static address to apply to thier machine.

If you can't control the building in this way, then quite frankly, you
cannot control this,..period.

One possible solution is to use an Internet Sharing Device that authenticate
by user account instead, ..such as ISA Server. Then even though they can
get on the network physically, they still can't access the Internet. But
this won't protect your LAN itself.

If you don't run the company, then you are wasting your time anyway. The
people who run the company are the only ones who have the "power" to make
these things happen and they then tell you what they want done,...and then
you tell them how you can do it and what you need to do it.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Ricardo Lopez" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi guys this is the first time that I write on this service.
> I am from Mexico so sorry for any syntax error.
> Well, I would like to know if somebody is having problems with "intruders"
> on your LAN?
> Here is the history...
> I am working in a company with several visits from corporate office and of
> course I have to leave several services (network nodes) activated for
these
> visits.
> Unfortunately, we received other kind of people (suppliers, consultants,
> outsourcing etc...) , with their own pc´s, and they conect their laptops
on
> this active network nodes sometimes without asking for any permission to
use
> our LAN resources.
> I have a DHCP server and of course I can not reserve IP addresses for each
> pc that is conected to our network.
> So, I want to know if somebody is using a "special" software in order to
> "catch" any intruder in the LAN in real time, (we have seen some solutions
> using hardare but it is not affordable for us), also the only way to check
> for intruders is checking daily the DHCP server for unidentified pcs.
> Do you know if there is a software solution for a Windows 2000 server
> environment to check intruders in the LAN?.
> Thanks in advanced.
>
> MCP Ricardo Lopez
> (E-Mail Removed)
>
>
>

Hi Michael
Answering to your question, about our "resources" is that he gets access to
the Internet.
When he plugs his laptop on the active node, the dhcp server gives him a
valid ip, and of course all the settings (subnet mask, gateway, dns
servers), with this, he gets access to our Internet and potentially he can
infected the LAN with a virus if the laptop does not have the patches for
Windows and a good antivirus.
Also, he can not get access to our servers (erp system, etc...he need
credentials), even to others PCS (shared folders), he only gets access to
the Internet and he can infect the LAN with a Virus. I would like to know
how can I "catch" this "intruder" in the moment when he conect the laptop to
the Node and gets a valid IP?.
I can not create a subnet for some nodes and activate them any time when
somebody from corporate wants use the lan in order to conect to the WAN, and
as Phillip says, we can not afford a device or a ISA server.
Thanks for any advice.
Regards.





"Michael Giorgio - MVP" <(E-Mail Removed)> escribió en el
mensaje news:%(E-Mail Removed)...
> Normally most of the monitoring software you see out there
> is for the points of entry e.g., firewall or router connected to
> the outside world. Physical access is a different story. Once
> a person gains physical access to your LAN things become
> much more complicated. One question that comes to mind is
> how can a visitor plug their laptop into your LAN and gain
> access to your domain resources without credentials?
>
> "Ricardo Lopez" <(E-Mail Removed)> wrote in message news:
>> Hi guys this is the first time that I write on this service.
>> I am from Mexico so sorry for any syntax error.
>> Well, I would like to know if somebody is having problems with
>> "intruders"
>> on your LAN?
>> Here is the history...
>> I am working in a company with several visits from corporate office and
>> of
>> course I have to leave several services (network nodes) activated for
>> these
>> visits.
>> Unfortunately, we received other kind of people (suppliers, consultants,
>> outsourcing etc...) , with their own pc´s, and they conect their laptops
>> on
>> this active network nodes sometimes without asking for any permission to
>> use
>> our LAN resources.
>> I have a DHCP server and of course I can not reserve IP addresses for
>> each
>> pc that is conected to our network.
>> So, I want to know if somebody is using a "special" software in order to
>> "catch" any intruder in the LAN in real time, (we have seen some
>> solutions
>> using hardare but it is not affordable for us), also the only way to
>> check
>> for intruders is checking daily the DHCP server for unidentified pcs.
>> Do you know if there is a software solution for a Windows 2000 server
>> environment to check intruders in the LAN?.
>> Thanks in advanced.
>>
>
>

"Phillip Windell" <@.> wrote in message
news:uSz$(E-Mail Removed)...
> Network security means physical control of the building as
> well,...computer
> technology won't solve everything.
>
> You could set aside a subnet and make sure that all the wall outlets that
> are accessable to outsiders bringing in machines are physically connected
> to
> the subnet,...then don't provide DHCP for that subnet,...this forces them
> to
> come to you to get a static address to apply to thier machine.
>
> If you can't control the building in this way, then quite frankly, you
> cannot control this,..period.
>
> One possible solution is to use an Internet Sharing Device that
> authenticate
> by user account instead, ..such as ISA Server. Then even though they can
> get on the network physically, they still can't access the Internet. But
> this won't protect your LAN itself.
>
> If you don't run the company, then you are wasting your time anyway. The
> people who run the company are the only ones who have the "power" to make
> these things happen and they then tell you what they want done,...and then
> you tell them how you can do it and what you need to do it.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
Microsoft have a very interesting system in place for their own lan which
should be appearing in Longhorn. Essentially any connection to their network
is first made to a quarantined area which contains a server which checks you
workstation for the latest av updates, patches and a certificate. If you
pass all of these tests you get an IP on their lan. If you fail you have the
option to be patched up to date via a server in the quarantined zone. Only
then can you get connected to the rest of the lan.

Apparently the idea was to incorporate this technology in 2003 R2 but the
timeframe has slipped