Home page logo
/

basics logo Security Basics mailing list archives

Re: stick a laptop to a LAN
From: Mario Platt <mplatt () gmail com>
Date: Mon, 23 Jan 2006 18:51:01 +0000

That would be a good idea, but you would have to encrypt most of the
data. The machine would have to have a static IP address and the user
wouldn't be able to modify it... even then, if the user happened to be
on a network which had the same addressing scheme as your private
network, the (probable) traffic that you would not be able to encrypt,
would still pass on. Besides, windows machines are usually "noisy" on
a network so, it would be noticeable and, if someone thought it was
valuable, he/she could try to access on non-secured ports.
My suggestion is the use of 802.1x, and not permitting it to fallback
to "unauthenticated" connectivity.

best regards

On 1/23/06, Beauford, Jason <jbeauford () eightinonepet com> wrote:
I'm not sure of the details here, but this MAY be a possibilty.

Create IPSEC policies which allow the laptop to connect to only your
network (secure server required etc..).  Then lock down that snapin so
that only domain Admins can edit it.

Maybe others on the list can add more to this idea...?


Kind Regards,

Jason M. Beauford.

        |  -----Original Message-----
        |  From: Steven Meyer [mailto:meysteven () gmail com]
        |  Sent: Friday, January 20, 2006 6:24 AM
        |  To: security-basics () securityfocus com
        |  Subject: stick a laptop to a LAN
        |
        |  Hi everyone,
        |  We already had a few discussions about preventing
        |  laptop to connect to our secured network.
        |  My question would be the exact opposite: we have a
        |  secured network with one laptop for external
        |  presentations.The only way to to put anything on the
        |  laptop is threw the network (CD ROM, usb, diskette
        |  etc. are disabled). But the real problem is how to
        |  protect the laptop from being connected to a other
        |  network and be infected with spyware, virus etc...
        |  and even worse having some of our data going threw
        |  other LANs.
        |  how could I be sure that the laptop will ONLY be
        |  able to connect to our LAN and not any other.
        |  Thanks for any help or hints.
        |  Steven Meyer
        |

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault