John Scrivner wrote:
Anyone out there have experience with PPPoE?.
[ snip ]
Based on the scenario you've described, PPPoE may not be the best
solution. It'll probably break a lot of Windows-specific stuff (printer
and file sharing leap to mind). Those could be worked around with a
sufficiently complex firewall setup, but it might be more trouble than
it's worth.
A few other ideas pop into mind right off:
* Many higher-end managed switches can be set up to only allow specified
MAC addresses network access. You could do a network audit, get a list
of all the allowed MACs in a location, and tell the switch to drop other
traffic. Think "wireless MAC authentication" only with wires. :)
* Put all the "important" stuff in a separate subnet and require VPN
logins to access it. Configure the firewall to only allow access from
IPs allocated to the VPN subnet. This won't keep someone from bringing
in their own laptop and connecting to the VPN, but at least you'll know
who did it. You could do this with StarOS, RouterOS, or even
Windows/Active Directory if you're brave enough.
* Fear and paranoia. Spread the word that the network is regularly
monitored for unauthorized access, and that unauthorized MACs being seen
from your port on the switch could be a write-up/lose-your-job offense.
Use a managed switch that can record MAC-to-physical-port associations,
and dump the logs somewhere. If you're really ambitious, actually review
the logs on occasion and follow up on those threats :D
David Smith
MVN.net
--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
