zap with domain controller

Hi,
I have already taken all the wireless precautions.
Still, if someone is able to join my network and i am running a Domain
Controller, can i zap them or otherwise influence their time on my network?
Do they have to authenticate with my domain controller to use my network and
try to dork me?

To join a domain, you have to insert the username\password of the admin
of the domain into Windows. That said, to the best of my knowledge
(still in school, so I am not 100% sure on anything) a DC cannot act as
a security gateway with the ability to kick people off. A DC is used for
username/password auth, roaming profiles, security policies, etc.

What you want to do is get two somewhat old Linux boxes and setup a
NoCat Auth Gateway. I set one up in a couple hours (I had Linux
pre-installed so it didn't take me long). NoCat won't let any network
traffic occur until you open a browser and login. I am sure it can be
hacked, but what can't be hacked these days?

--Scott

UnPloinkable . wrote:
> Hi,
> I have already taken all the wireless precautions.
> Still, if someone is able to join my network and i am running a Domain
> Controller, can i zap them or otherwise influence their time on my network?
> Do they have to authenticate with my domain controller to use my network and
> try to dork me?
>
>

Linux- Nocat Auth gateway - that sounds great in principle , but it sounds
real hard for a jackass jerk like me

"/dev/scott0" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> To join a domain, you have to insert the username\password of the admin of
> the domain into Windows. That said, to the best of my knowledge (still in
> school, so I am not 100% sure on anything) a DC cannot act as a security
> gateway with the ability to kick people off. A DC is used for
> username/password auth, roaming profiles, security policies, etc.
>
> What you want to do is get two somewhat old Linux boxes and setup a NoCat
> Auth Gateway. I set one up in a couple hours (I had Linux pre-installed so
> it didn't take me long). NoCat won't let any network traffic occur until
> you open a browser and login. I am sure it can be hacked, but what can't
> be hacked these days?
>
> --Scott
>
> UnPloinkable . wrote:
>> Hi,
>> I have already taken all the wireless precautions.
>> Still, if someone is able to join my network and i am running a Domain
>> Controller, can i zap them or otherwise influence their time on my
>> network?
>> Do they have to authenticate with my domain controller to use my network
>> and try to dork me?
>>

On Thu, 2 Sep 2004 21:32:35 -0600, UnPloinkable
.. spoketh

>Hi,
>I have already taken all the wireless precautions.
>Still, if someone is able to join my network and i am running a Domain
>Controller, can i zap them or otherwise influence their time on my network?
>Do they have to authenticate with my domain controller to use my network and
>try to dork me?
>

If the security settings on your wireless network is not up to par, it
is possible for someone to connect to your network. Connecting to and
accessing your server is a whole other issue, and depends on the
strength of the passwords needed to connect to the server.

The DC can only influence users that a logged into the domain. If
someone is just leaching bandwidth from you and not logged into the
domain, then there's little you can do other than improving the security
of your wireless network.

Consider using a Radius server to authenticate your wireless clients.
Since you're talking "domain" and "DC", I assume you have a windows
server, and Internet Authentication Service (IAS) should come with at
least the last three versions of windows server (NT4, W2K, W2003). Using
this, you can restrict time when anyone can connect to the access point,
plus they'll need to authenticate to the windows domain before they'll
be given access to the wireless network...

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

radius is the way to go then!
"Lars M. Hansen" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Thu, 2 Sep 2004 21:32:35 -0600, UnPloinkable
> . spoketh
>
>>Hi,
>>I have already taken all the wireless precautions.
>>Still, if someone is able to join my network and i am running a Domain
>>Controller, can i zap them or otherwise influence their time on my
>>network?
>>Do they have to authenticate with my domain controller to use my network
>>and
>>try to dork me?
>>
>
> If the security settings on your wireless network is not up to par, it
> is possible for someone to connect to your network. Connecting to and
> accessing your server is a whole other issue, and depends on the
> strength of the passwords needed to connect to the server.
>
> The DC can only influence users that a logged into the domain. If
> someone is just leaching bandwidth from you and not logged into the
> domain, then there's little you can do other than improving the security
> of your wireless network.
>
> Consider using a Radius server to authenticate your wireless clients.
> Since you're talking "domain" and "DC", I assume you have a windows
> server, and Internet Authentication Service (IAS) should come with at
> least the last three versions of windows server (NT4, W2K, W2003). Using
> this, you can restrict time when anyone can connect to the access point,
> plus they'll need to authenticate to the windows domain before they'll
> be given access to the wireless network...
>
> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.
> "If you try to fail, and succeed, which have you done?"

On Fri, 3 Sep 2004 07:52:23 -0600, UnPloinkable
.. spoketh

>radius is the way to go then!

For those with the hardware and software, it's definitely worth
examining...

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)