802.1x is your friend here.
Certificates can be assigned by your domain CA and authenticated against it.
You can also configure your CA to set the certificates as non-exportable to prevent "sharing".
If you restrict network access at L2, L3+ is a moot point.
Jim Harrison
I absolutely hate "the customer can stand on their left foot, hold one hand over their head and chant "booga-wonka-whee!" while pressing CTRL-ALT-WIN-PrtScn-SrlLk twice in rapid succession three times" answers to technical issues...
-----Original Message-----
From: Davy Davidson [mailto:davy_emp (at) hotmail (dot) com [email concealed]]
Sent: Friday, August 25, 2006 12:53 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: IP address assignment problem
Hi,
I have a little problem and seek your thoughts. Let's assume I'm in a very
open environment where everyone can very easily try to get his/her laptop on
the network, IP addresses are assigned by a DHCP server, and we are in a
domain environment. How do I prevent machines that are not part of our
domain from being assigned an IP address?
Thanks