What about setting up an "IP hog?" I've seen a setup with a Linux box that

has multiple subnets bound to it's NICs. Basically, you set a whole subnet

(or more) to a card, and then when you want another NIC to have a DHCP lease,

you reduce the range of the DHCP hog by one, and then the new NIC can receive

a lease.

This may be off topic (since it is non-MS) but a spare PII would do the trick

I believe.

//Lawrence Brownlee

//Minor, Bell, and, Neal P.C.

##-----Original Message-----

##From: Dan Bartley [mailto:bartleyd (at) corp.netcarrier (dot) com [email concealed]]

##Sent: Monday, January 19, 2004 1:24 PM

##To: Kristi Roose; focus-ms (at) securityfocus (dot) com [email concealed]

##Subject: RE: About MS-Networking security.

##

##

##You can configure DHCP to use reservations and exclude all

##IPs not assigned a reservation. This will keep a dynamic IP

##from being assigned, however it does not prevent someone from

##manually configuring their computer with an unused IP and

##getting on the network.

##

##A firewall and/or middle man like Internet Security and

##Acceleration Server can be used to restrict access based on

##IP. In the case of ISA you can restrict by domain logon too.

##

##Best Regards,

##

##Dan Bartley

##

##-----Original Message-----

##From: Kristi Roose [mailto:kroose (at) vermeermfg (dot) com [email concealed]]

##Sent: Monday, January 19, 2004 11:04

##To: focus-ms (at) securityfocus (dot) com [email concealed]

##Subject: RE: About MS-Networking security.

##

##Does anyone have any solutions to keep a user from plugging

##into the LAN from inside the company? Is there a way to

##restrict DHCP addresses by MAC address?

##

##Kristi

##

##

##-----Original Message-----

##From: Depp, Dennis M. [mailto:deppdm (at) ornl (dot) gov [email concealed]]

##Sent: Friday, January 16, 2004 7:20 PM

##To: Wronski, Michael C (MED); Cyber Chiu`; focus-ms (at) securityfocus (dot) com [email concealed]

##Subject: RE: About MS-Networking security.

##

##

##Microsoft has a solution where remote users are scanned and

##verified clean before they are allowed to create a remote

##session, either using VPN or dialup. Their solution is based

##on Windows Server 2003. I think Cisco may have a similar

##solution, at least they should. There may be others as well.

##

##Denny

##

##-----Original Message-----

##From: Wronski, Michael C (MED) [mailto:Michael.Wronski (at) med.ge (dot) com [email concealed]]

##Sent: Thursday, January 15, 2004 5:22 PM

##To: 'Cyber Chiu`'; focus-ms (at) securityfocus (dot) com [email concealed]

##Subject: RE: About MS-Networking security.

##

##This is a common problem with no single solution. No matter

##what you do, the mobile user is going to be a high risk

##entity. Education of the user of their ability to cause harm

##to their own data and the company network is a great start.

##They need to be aware that their actions can cause

##catastrophic results. After education, the following are the most

##important:

##

##-Install Personal Firewall and AV on all laptops and make

##sure you educate the users on the function of the software.

## -Lock down the configuration so it cant be disabled by the user

## -Enable aggressive live updates (daily) and scans (daily)

##

##-Patching Automation - Before your user leaves the network,

##their laptops should be patched with the more recent OS updates.

##

##-Its best of your laptop users can connect to a "sandbox"

##network on return to the office or if you can separate all

##physical connection that belong to mobile users on a sandbox

##VLAN. This can be difficult to manage depending on your

##current network design.

##

##-M

##

##

##-----Original Message-----

##From: Cyber Chiu` [mailto:cchiu (at) hotspur.com (dot) hk [email concealed]]

##Sent: Sunday, January 11, 2004 3:26 PM

##To: focus-ms (at) securityfocus (dot) com [email concealed]

##Subject: About MS-Networking security.

##

##

##

##

##Hi all, I have a question about portable computer security

##concern. My company have firewall protection, all desktop are

##behind firewall. However, My saleman need to do their

##business with a Laptop. When they're in office. They will

##connect their laptop to our internet.

##

##I think it's danger because we don't know it's infected by

##virus or not. can anyone suggest me what to do?

##

##--------------------------------------------------------------

##----------

##---

##--------------------------------------------------------------

##----------

##---

##

##--------------------------------------------------------------

##----------

##---

##--------------------------------------------------------------

##----------

##---

##

##

##

##--------------------------------------------------------------

##----------

##---

##--------------------------------------------------------------

##----------

##---

##

##

##

##

##--------------------------------------------------------------

##----------

##---

##--------------------------------------------------------------

##----------

##---

##

##

##

##

##--------------------------------------------------------------

##-------------

##--------------------------------------------------------------

##-------------

##

##

Confidentiality Note:

This e-mail is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, is prohibited. If you have received this e-mail in error, please call the Administrator of Minor, Bell & Neal, P.C. at 706-259-2586 and destroy the original message and all copies.

[ reply ]