locked
How to prevent unauthorized computer connections on a wired network RRS feed

  • Question

  • Our network is in a public location that spreads across multiple buildings.  We are not in control of physical security to rooms with physical network connections to our network and also do not have control of the network switches.  We are now having individuals connect personal laptops to the network and this poses a security risk.  Our IP scheme is well known so these individuals are using valid IP address to communicate to each other without logging into our domain. 

    I have considered moving all workstations and servers to DHCP and then making reservations for each mac address -> IP.  Is there a more efficient way of solving my problem?  I thought about NAP but this doesn't seem to prevent a rogue mac address from using a proper IP address.

    Thank you in advance.

    Thursday, July 26, 2012 4:01 PM

Answers

  • Hi,

    Thanks for posting here.

    I would suggest to accomplish by deploying  802.1X capable switch devices in your network and make it to work with RADIUS server for authentication . With these devices, the port is not opened by default until we provide proper credentials and passed the authentication base on the policies and conditions are be defined in RADIUS server. That will secure our network and prevent unauthorized devices connect into our network even with same physical address and same IP address:

    802.1X Authenticated Wired Access

    http://technet.microsoft.com/en-us/library/cc753354(WS.10).aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Tuesday, July 31, 2012 5:28 AM

All replies

  • Hi,

    Thanks for posting here.

    I would suggest to accomplish by deploying  802.1X capable switch devices in your network and make it to work with RADIUS server for authentication . With these devices, the port is not opened by default until we provide proper credentials and passed the authentication base on the policies and conditions are be defined in RADIUS server. That will secure our network and prevent unauthorized devices connect into our network even with same physical address and same IP address:

    802.1X Authenticated Wired Access

    http://technet.microsoft.com/en-us/library/cc753354(WS.10).aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Tuesday, July 31, 2012 5:28 AM
  • Maybe this link help you

    http://www.teletechnika-system.pl/oferta/sieci-komputerowe/


    • Edited by NSUKER Wednesday, January 29, 2014 12:24 PM
    Wednesday, January 29, 2014 12:24 PM