----- "David" <[email protected]> wrote:
> Let me say, I'm not trying to be a BOFH. (Though there are days when it
> seems appealing.) If there is a valid case for giving a device access
> to the corporate network, it will be done.
>
> Looking back at it, the goal is twofold:
> - to detect illegal devices
> - block illegal devices
>
> I recently found out someone decided they would use their personal
> laptop instead of the workstation provided to them to do their work.
>
> It's been two months! The excuse I received was "I know what I'm doing,
> nothing will happen". This is what I want to stop.

As stated earlier, some manageable switches allow you to authenticate workstations using admin-provided X.509 certificates (802.1X). I've seen many places where authenticated devices would have access to the corporate network, while unauthenticated ones would land on another VLAN, going out through a different internet connection, with no access to the corporate resources.

People willing to use their own laptop or modern office gadgets (chumbys, photo frames, et al.) can still connect and access the internet, but are unable to access file & print shares, and intranet apps. Which can be annoying enough. Furthermore their trojan-infected machines won't affect the corporate network.

Jerome
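
Added example, not part of the original message: one common way the VLAN split described above is signalled is the RADIUS tunnel attribute set from RFC 2868 / RFC 3580, which the switch reads from the Access-Accept. The VLAN numbers and function names are constructed for illustration, and it assumes the RADIUS server chooses the VLAN in both cases; many switches instead use a locally configured guest VLAN for clients that fail 802.1X.

```python
import struct

# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6
# Constructed VLAN plan (assumption, not from the thread).
CORPORATE_VLAN, GUEST_VLAN = 10, 99

def vlan_for(cert_verified: bool) -> int:
    """Valid admin-issued certificate -> corporate VLAN, otherwise guest VLAN."""
    return CORPORATE_VLAN if cert_verified else GUEST_VLAN

def encode_vlan_attrs(vlan_id: int) -> bytes:
    """Encode the three tunnel attributes as RADIUS type/length/value triples."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    group = str(vlan_id).encode("ascii")
    return (
        struct.pack("!BBI", TUNNEL_TYPE, 6, TYPE_VLAN)  # tag byte 0 + 24-bit value
        + struct.pack("!BBI", TUNNEL_MEDIUM_TYPE, 6, MEDIUM_IEEE_802)
        + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group
    )

def decode_vlan(attrs: bytes) -> int:
    """Return the VLAN a switch would apply; reject malformed or partial sets."""
    seen, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[i], attrs[i + 1]
        # Every attribute handled here carries at least one value byte.
        if alen < 3 or i + alen > len(attrs):
            raise ValueError("malformed attribute length")
        value = attrs[i + 2:i + alen]
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if alen != 6:
                raise ValueError("tunnel type attributes are 6 bytes long")
            seen[atype] = int.from_bytes(value[1:], "big")  # skip the tag byte
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            if value[0] <= 0x1F:  # optional tag byte is present
                value = value[1:]
            seen[atype] = int(value.decode("ascii"))
        i += alen
    if (seen.get(TUNNEL_TYPE) != TYPE_VLAN
            or seen.get(TUNNEL_MEDIUM_TYPE) != MEDIUM_IEEE_802
            or TUNNEL_PRIVATE_GROUP_ID not in seen):
        raise ValueError("not a complete VLAN assignment")
    return seen[TUNNEL_PRIVATE_GROUP_ID]
```
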
