Your options depend on how much control you want
1. IEEE 802.1X + RADIUS
Use specialized 3COM or CISCO switches to authenticate users who want to use
the network. You need RADIUS/TACACS for this
(http://en.wikipedia.org/wiki/802.1x). Most paid wireless methods use this
technique.
But this method does not stop someone from connecting a computer to the
port, doing sniffing (even with a switch he will be able to see broadcasts) and
then assigning a static IP. Also this works mostly for TCP/IP protocols.
2. MAC Address filtering
Use more specialized 3COM or CISCO switches to allow only specific MAC
addresses to access the physical port. Works regardless of the protocol. Stops
the network access instantaneously.
This method provides the most fine-grained security but maintenance is
extremely high as you need to keep track of which computers will be plugged into
which physical port. Also it can be defeated if the MAC address is spoofed (but
this requires that the 'bad person' has physical access to the specific port, so
by this time your security has already been compromised).
You can read more in the NSA (as in National Security Agency) Cisco Switch
Security Guide: http://www.nsa.gov/snac/os/switch-guide-version1_01.pdf
Also try (http://www.nsa.gov/snac/downloads_all.cfm ->
http://www.nsa.gov/notices/notic00004.cfm?Address=/snac/routers/C4-040R-02.pdf)
I recommend using CISCO 2950 (make sure you get the Enhanced Software Image
IOS) or 3COM 4400 family. Yes, I know these items are expensive so
an alternative way would be to invest in physical/policy security.
Ambo
Junix Gaspar <[EMAIL PROTECTED]> wrote:
Hello Guys,
I am trying to lock my network with IP Sentinel
(http://www.nongnu.org/ip-sentinel/).
However, the method it has is to identify the MAC of the offending PC
who tried to use another IP that is not for them.
Or have the specific MAC of the offending PC blocked.
Is there another solution out there that will make sure that ONLY authorized
MAC will participate in the Network? Non authorized PC/MAC will just get lost.
JGaspar
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
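Added example, not part of the original thread and not code from IP Sentinel: a small audit of a Linux neighbour table (`ip neigh show` format) against an IP-to-MAC allowlist, flagging unknown MACs and authorized MACs using an IP that is not theirs. The allowlist, sample table and function names are constructed for illustration; as the reply notes, a spoofed MAC passes this kind of check, so it detects rather than prevents.

```python
"""Audit an ARP/neighbour table against an IP-to-MAC allowlist."""

# Constructed allowlist: the one IP each authorized MAC is expected to use.
AUTHORIZED = {
    "00:16:3e:aa:00:01": "192.168.1.10",
    "00:16:3e:aa:00:02": "192.168.1.11",
}

# Constructed sample in the format printed by `ip neigh show`.
SAMPLE = """\
192.168.1.10 dev eth0 lladdr 00:16:3e:aa:00:01 REACHABLE
192.168.1.11 dev eth0 lladdr 00:16:3E:AA:00:09 STALE
192.168.1.12 dev eth0 lladdr 00:16:3e:aa:00:02 REACHABLE
192.168.1.50 dev eth0  FAILED
"""


def parse_neigh(text):
    """Yield (ip, mac) for every entry that carries a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED/INCOMPLETE entries have no MAC to check
        idx = fields.index("lladdr")
        if idx + 1 >= len(fields):
            continue  # truncated line, nothing usable
        yield fields[0], fields[idx + 1].lower()  # normalise MAC case


def audit(text, authorized=AUTHORIZED):
    """Return a list of (finding, ip, mac) tuples for policy violations."""
    findings = []
    for ip, mac in parse_neigh(text):
        expected_ip = authorized.get(mac)
        if expected_ip is None:
            # MAC is not on the allowlist at all.
            findings.append(("unknown-mac", ip, mac))
        elif expected_ip != ip:
            # Authorized machine using an address assigned to someone else.
            findings.append(("wrong-ip", ip, mac))
    return findings


if __name__ == "__main__":
    for finding, ip, mac in audit(SAMPLE):
        print(f"{finding}: {ip} is claimed by {mac}")
```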