URGENT: Prevent from connecting Notebooks to my LAN

Discussion in 'Server Networking' started by Jazmin Gutierrez, Oct 9, 2007.

  1. Is there any way to prevent notebooks and PDAs from connecting to my LAN?
    I heard that IPSec is the solution but I STILL have Windows 98 computers in
    my network.

    1) Is it possible to apply IPSec only for Windows XP/Vista computers? Most
    notebooks have XP/Vista OSs.

    2) How to prevent the DHCP server from assigning an IP address to an
    unauthorized computer?

    3) What other solutions do I have (that includes windows 98)? Maybe
    MAC-Address based control? Is it included with Windows 2003?

    Thanks!
     
    Jazmin Gutierrez, Oct 9, 2007
    #1

  2. How do they make the people come to work on time? Make them do their work?
    Keep them from stealing the toilet paper? You just don't let them bring
    outside machines into the building, if they do then they have to stay in the
    bag, if they don't obey then have established "punishments" in place. If
    Management won't do that then you are wasting your time since I.T. people
    typically don't run the company.

    Networking equipment gets smarter all the time,...but networking equipment
    still is not a "babysitter".


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
     
    Phillip Windell, Oct 9, 2007
    #2

  3. :)
    I see this applies in all countries & all companies.
     
    Jazmin Gutierrez, Oct 9, 2007
    #3
  4. You could simply not use DHCP in areas of the building where they are doing
    this,...or just unplug any wall jacks at the patch panel where there is no
    official machine at that jack,..in other words don't leave live jacks
    around.

    If it is wireless, then you may have to limit the connectability to the WAP
    by MAC Address since the users are probably going to know the WPA "key".

    "User beatings" still work the best and make the greatest
    "impression",...but "technical" solutions often just make the user "proud of
    themselves" and feel like they have bragging rights when they find a way
    around them, particularly when there is no incentive to obey the rules.

     
    Phillip Windell, Oct 9, 2007
    #4
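
    An added example, not from any poster in this thread: the question about unauthorized machines getting DHCP addresses and the MAC-address suggestion above can be turned into a detection check by comparing lease events in the DHCP server's audit log against an inventory of company-owned adapters. It assumes the Windows DHCP Server audit log column layout (ID, Date, Time, Description, IP Address, Host Name, MAC Address); the log rows and inventory are constructed sample data. A client can change its MAC address, so this reports unknown adapters rather than blocking them.

```python
import csv
import io

# Constructed sample in the Windows DHCP Server audit log column layout:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
10,10/09/07,08:01:12,Assign,192.168.1.50,ACCT-PC01,0011223344AA
11,10/09/07,08:15:40,Renew,192.168.1.51,FRONTDESK98,0011223344BB
10,10/09/07,09:02:03,Assign,192.168.1.77,JOHNS-LAPTOP,00A0C9112233
10,10/09/07,09:30:55,Assign,192.168.1.78,,00-a0-c9-44-55-66
15,10/09/07,09:31:10,NACK,192.168.1.79,PDA-7,00A0C9778899
"""

# Constructed inventory of company-owned adapters (any OS, Windows 98 included).
AUTHORIZED = {"00:11:22:33:44:AA", "00-11-22-33-44-BB"}

LEASE_EVENTS = {"10", "11"}  # 10 = new lease, 11 = lease renewed


def normalize_mac(mac):
    """Reduce a MAC to 12 uppercase hex digits; return None if malformed."""
    digits = "".join(c for c in mac if c not in ":-. ").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        return None
    return digits


def unauthorized_leases(log_text, authorized):
    """Return one (mac, ip, hostname, first_seen) tuple per unknown adapter."""
    allow = {normalize_mac(m) for m in authorized}
    seen = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue  # header text, other event IDs, short lines
        mac = normalize_mac(row[6])
        if mac is None or mac in allow or mac in seen:
            continue  # unparseable MAC, known adapter, or already reported
        seen[mac] = (mac, row[4].strip(), row[5].strip() or "(no name)",
                     f"{row[1]} {row[2]}")
    return list(seen.values())


if __name__ == "__main__":
    for mac, ip, host, when in unauthorized_leases(SAMPLE_LOG, AUTHORIZED):
        print(f"{when}  {ip:<15} {host:<14} {mac}")
```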
  5. People will try to get away with anything they can if not stopped. Rules
    are no rules at all if there is no willingness to enforce them.

    I know the employment laws are different in different countries, but I don't
    think any business would survive if it "let the inmates run the asylum".
    Somebody has to be in charge and have the power to enforce their job.


     
    Phillip Windell, Oct 9, 2007
    #5
  6. The behavioral modification API is still a work in progress...
     
    John Fullbright, Oct 10, 2007
    #6
  7. Hehe,...I can't wait! I'll beta test it!

     
    Phillip Windell, Oct 10, 2007
    #7
  8. We are going down the NAC route at the moment but before NAC we were
    looking at 802.1x which looked straightforward enough - if you run
    Windows Servers you already have IAS which is a radius server you can
    use with most managed switches that support 802.1x.

    I did at one point have it on two separate vlans where the guest would
    stay in the original vlan which had basic internet access and only if
    authenticated moved them into the company vlan with access to servers
    etc.
     
    jas0n, Oct 10, 2007
    #8
  9. Exactly right! Of course, the responsibility for setting company policy does
    not belong to IT.

    And if IT were to apply a technological solution to unauthorized network
    connections (unauthorized by whom?), then one complaint from a user who
    claims to be inhibited in his ability to do his work is all it would take
    for the (rather weak-kneed) management to rule in favour of the user and
    against IT.

    /Al
     
    Al Dunbar, Oct 12, 2007
    #9
  10. On whom - yourself or one of your users?

    /Al
     
    Al Dunbar, Oct 12, 2007
    #10
  11. My evil twin!

     
    Phillip Windell, Oct 12, 2007
    #11
  12. I do understand that.
    I face it here as well sometimes. I have a story or two I could tell that I
    just don't feel I can tell in a public newsgroup.
    If there was a really good solution for this I would be using it myself and
    would gladly share it with the rest.

     
    Phillip Windell, Oct 12, 2007
    #12