Re: MAC Filtering Part II
From: Stuart Mackie [MCP, MSP] (newsgroups_at_--REMOVE_THIS-NO_SPAM--stu.uk.com)
Date: 01/20/05
- Next message: Pegasus \(MVP\): "Re: VBS Script doesn't run as a scheduled task"
- Previous message: cristalink: "Re: Scheduled NTbackup Fails"
- In reply to: KWME: "MAC Filtering Part II"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 20 Jan 2005 20:33:00 -0000
Hi. As Mike has explained, IPSec is going to be the best way for you to
resolve your problem. MAC Address filtering is very insecure and can be
overcome easily. Deployment is quite straight forward using Kerberos with
Active Directory, or Certificates which requires a few additional steps for
a Certificate Authority and deployment and certificates. When configuring
IPSec you will need to consider any network attached devices which do not
support IPSec e.g. print servers, NAS devices etc. Devices which don't
support IPSec will require some additional configuration so that they are
allowed to communicate without IPSec.
In your post you don't include any details on your network layout or what
types of security intrusions you've had so far. How are you workstations
connected to the internet i.e. server acting as a gateway, direct access to
a router as a gateway etc ? How are you controlling legitimate internet
access, e.g. are you using ISA server ?
-- Hth, Stuart Mackie www.stu.uk.com "KWME" <KWME@discussions.microsoft.com> wrote in message news:CB068EF2-FD2E-4774-B0F4-312E813A6296@microsoft.com... > I'll try to be more complete this time. I'm running a network in a high > school where teachers have computers in every classroom reserved for > teaching > or administrative staff only. Students may not use this network. Local > machines are running XP Pro and the server is running Server 2003. We've > had > some break-ins lately where we've seen signs that students are using the > LAN > connections and their own laptops to try to either hack our system or at > very > least steal internet time. I'd like to find a way to prevent ANY such > access > to the system - to keep non-approved machines from getting any access on > the > LAN. I thought that finding a way to permit only certain MAC addresses > would > be a simple way to do so. Is this possible in Server 2003? Are there > better > suggestions?
- Next message: Pegasus \(MVP\): "Re: VBS Script doesn't run as a scheduled task"
- Previous message: cristalink: "Re: Scheduled NTbackup Fails"
- In reply to: KWME: "MAC Filtering Part II"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
