This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

How to prevent unauthorized computer connections on a wired network

Question
0

Sign in to vote

Our network is in a public location that spreads across multiple buildings. We are not in control of physical security to rooms with physical network connections to our network and also do not have control of the network switches. We are now having individuals connect personal laptops to the network and this poses a security risk. Our IP scheme is well known so these individuals are using valid IP address to communicate to each other without logging into our domain.

I have considered moving all workstations and servers to DHCP and then making reservations for each mac address -> IP. Is there a more efficient way of solving my problem? I thought about NAP but this doesn't seem to prevent a rogue mac address from using a proper IP address.

Thank you in advance.

Thursday, July 26, 2012 4:01 PM

Answers

0

Sign in to vote
Hi,

Thanks for posting here.

I would suggest to accomplish by deploying 802.1X capable switch devices in your network and make it to work with RADIUS server for authentication . With these devices, the port is not opened by default until we provide proper credentials and passed the authentication base on the policies and conditions are be defined in RADIUS server. That will secure our network and prevent unauthorized devices connect into our network even with same physical address and same IP address:

802.1X Authenticated Wired Access

http://technet.microsoft.com/en-us/library/cc753354(WS.10).aspx

Thanks.

Tiger Li
Tiger Li

TechNet Community Support
- Marked as answer by Tiger LiMicrosoft employee Thursday, August 2, 2012 8:13 AM
Tuesday, July 31, 2012 5:28 AM

All replies

0

Sign in to vote
Hi,

Thanks for posting here.

I would suggest to accomplish by deploying 802.1X capable switch devices in your network and make it to work with RADIUS server for authentication . With these devices, the port is not opened by default until we provide proper credentials and passed the authentication base on the policies and conditions are be defined in RADIUS server. That will secure our network and prevent unauthorized devices connect into our network even with same physical address and same IP address:

802.1X Authenticated Wired Access

http://technet.microsoft.com/en-us/library/cc753354(WS.10).aspx

Thanks.

Tiger Li
Tiger Li

TechNet Community Support
- Marked as answer by Tiger LiMicrosoft employee Thursday, August 2, 2012 8:13 AM
Tuesday, July 31, 2012 5:28 AM
0

Sign in to vote
Maybe this link help you

http://www.teletechnika-system.pl/oferta/sieci-komputerowe/
- Edited by NSUKER Wednesday, January 29, 2014 12:24 PM
Wednesday, January 29, 2014 12:24 PM