Re: prohibiting visitors from connecting to network

[Fred Cohen <fred.cohen () all net>]

Or you might try 802.1X

FC

On Oct 22, 2005, at 9:31 AM, Brian Loe wrote:

> Why not limit DHCP to known MAC addresses. The administrative costs  
> of this
> might be pretty high at first, but you could eventually work out an
> automated system for adding/removing machines. That's the only  
> "free" option
> that I can think of.
>
> Even then, though, I believe you can spoof MAC addresses so...
>
>
> > -----Original Message-----
> > From: Alexander Suhovey [mailto:asuhovey () mtu-net ru]
> > Sent: Thursday, October 20, 2005 2:01 PM
> > To: 'Cesar Diaz'; security-basics () securityfocus com
> > Subject: RE: prohibiting visitors from connecting to network
> >
> >
> > > What I'm looking for is a way to secure DHCP so that only our
> > > laptops/workstations can get a DHCP address.
> > > I was thinking of something like EAP used for remote access with
> > > certificates to keep computers without a certificate from
> > receiving an
> >
> > > IP address, but I can find any information on implementing this.

-- This communication is confidential to the parties it is intended  
to serve --
Security Posture            securityposture.com          tel/fax
University of New Haven               unhca.com        925-454-0171
Fred Cohen & Associates                 all.net      572 Leona Drive
Security Management Partners    policygeeks.com    Livermore, CA 94550