About Carolyn Meinel
Expertise: I cover Windows, Unix, TCP/IP and Ethernet security questions. I do not cover Mac, Palm Pilot, or other networking issues.
Experience: Books by Carolyn Meinel: wrote a chapter for The Hacking of America book (see http://www.amazon.com/exec/obidos/ASIN/1567204600/happyhacker)
My article Code Red for the Web for Scientific American was reprinted in the book Best American Science Writing 2002 (see http://www.amazon.com/exec/obidos/ASIN/0060936509/happyhacker). My book The Happy Hacker: A Guide to Mostly Harmless Hacking is now in 4th edition with a Japanese edition (see http://happyhacker.org/hhbook/).
Question: In our network I want to control who is connected to our network and getting a DHCP IP. The problem is we have our standard machines - up to date, patches and antivirus - and want to make sure any other machines are not allowed to be part of the network.
Answer: You have a tough problem here -- but you are way ahead of many sysadmins in recognizing that it is a problem.
To keep other machines from getting on your system, first of all you will need to regularly scan for rogue wireless connections. If any computer on the network is able to connect to wireless networks, it could potentially allow outside computers into your network.
There are two ways for this to happen. A computer's wireless adapter could allow a peer-to-peer connection, meaning outsiders might connect to that computer through its adapter. Even worse, the person using that computer might choose to connect it to a wireless access point outside of your network. Laptop users are often especially bad offenders.
How do you keep wireless enabled computers out of your network? It's not easy as some people may not voluntarily follow your rules. To enforce your rule, you could scan your facility and your nearby area for wireless adapters and access points. To do this successfully you will need a computer with an exceptionally sensitive wireless adapter and good software. See http://www.wardrive.net/ for detailed help.
Now assuming you can keep out all wireless hardware from your facilities, you can then control all your wired (presumably Ethernet) access with the appropriate switches and hubs. Look for hardware that allows you to turn each port on or off and to specify the MAC address of the Ethernet adapter of a computer that you wish to allow to connect to any particular port.
This isn't a perfect solution as there are some Ethernet adapters that allow the user to change the MAC address. But by only allowing MAC addresses of your choice, only somebody super sophisticated could sneak a rogue computer into your network.
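One way to audit the per-port MAC allow list described in the answer above, added here as an example and not part of the original answer. The port names, MAC addresses and the address-table export format are constructed; the check for the locally administered bit (which marks an address assigned in software rather than burned into the adapter) relates to the changed-MAC caveat in the last paragraph.

```python
import re

# Constructed allow list: switch port -> the one MAC permitted on it.
ALLOWED = {
    "Gi0/1": "00:1a:2b:3c:4d:5e",
    "Gi0/2": "00:1a:2b:3c:4d:5f",
    "Gi0/3": "00:1a:2b:3c:4d:60",
}

# Constructed (port, MAC) observations, as a switch address table might export them.
OBSERVED = """\
Gi0/1 001a.2b3c.4d5e
Gi0/2 00-1A-2B-3C-4D-60
Gi0/3 02:00:5e:10:00:01
Gi0/4 00:1a:2b:3c:4d:5f
Gi0/4 3c:52:82:aa:bb:cc
"""

def normalize_mac(text):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[.:\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def locally_administered(mac):
    """True if the locally administered bit (0x02 of the first octet) is set."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(observed_text, allowed):
    """Return (port, mac, reason) for every observation not on the allow list."""
    allowed = {port: normalize_mac(mac) for port, mac in allowed.items()}
    home_port = {mac: port for port, mac in allowed.items()}
    findings = []
    for line in observed_text.strip().splitlines():
        port, raw = line.split()
        mac = normalize_mac(raw)
        if allowed.get(port) == mac:
            continue  # the expected adapter on its expected port
        reason = "unknown MAC"
        if mac in home_port:
            reason = f"allowed MAC on wrong port (belongs on {home_port[mac]})"
        elif locally_administered(mac):
            reason = "unknown MAC, locally administered (software-set)"
        findings.append((port, mac, reason))
    return findings

if __name__ == "__main__":
    print("\n".join("  ".join(f) for f in audit(OBSERVED, ALLOWED)))
```

An adapter set to an allowed MAC and plugged into that MAC's own port passes this audit, which is the limit the answer already notes.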