You could reserve every IP address on you DHCP server with MAC addresses
from you known user base. A pain in the hump for sure. If you have network
switches capable of L2 security you could lock down the ports to prevent
unauthorized MAC addresses from connecting to the network to begin with.
HTH
-----Original Message-----
From: Paul Aviles [mailto:paviles (at) adjoined (dot) com [email concealed]]
Sent: Wednesday, January 19, 2005 3:30 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Dhcp security
I have a weird question maybe. Is there a way to prevent our DHCP from
giving leases to computers not in our domain? I don't want anyone that walks
in to just connect and have the possibility of a network viruses getting
loose. Is this possible?
My setup is a typical AD 2K environment, simple domain no empty root.
from you known user base. A pain in the hump for sure. If you have network
switches capable of L2 security you could lock down the ports to prevent
unauthorized MAC addresses from connecting to the network to begin with.
HTH
-----Original Message-----
From: Paul Aviles [mailto:paviles (at) adjoined (dot) com [email concealed]]
Sent: Wednesday, January 19, 2005 3:30 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Dhcp security
I have a weird question maybe. Is there a way to prevent our DHCP from
giving leases to computers not in our domain? I don't want anyone that walks
in to just connect and have the possibility of a network viruses getting
loose. Is this possible?
My setup is a typical AD 2K environment, simple domain no empty root.
Thanks
Paul
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]