Re: IAS as RADIUS
- From: "the" <shirtrippa@xxxxxxxxxxx>
- Date: Thu, 7 Sep 2006 13:16:56 -0600
<TexasMirty@xxxxxxxxx> wrote in message
news:1157655231.145199.179300@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
You could use MAC security on the switch ports to allow only specified
devices -- specific MAC addresses. That way no one can walk in with a
laptop, "plug in" and access you network. Use "sticky" MAC address
security to make the currently-plugged in system the allowed system. If
interested, read here -
Thanks for the advice, i'm rather a fan of the ACL+ MAC filter combo,
however only on a few VLAN's can i implement this. Our engineering dept,
for instance, has customers in every week that need inet access, and surely
we can't authorize each computer everytime, it;d get to be a management
nightmare. Normally they connect to our wireless network, wich is a totally
seperate network, so there is no threat, however this weekend we had a
Korean customer come in and effectively infected 27 machines. All i can say
i thank god for backups. So one of my new project is to elimiante
unauthorized network access, this way our enigineers cant say 'oh sure just
plug in here' and have me come in to find the place in shambles monday
morning.
Im;re reveiwng my 802.1x, i was never really familiar with it anyway,
but from what i gather windows is a client (supplicant), my switches are
802.1x compliant (making them the authenticator), and im under the
impression i should be able to use IAS as my authentication server. so im
kinda back to square one, i'm thinking i might give free radius a shot just
to have something UnR here in the lab for testing and refinement. If anyone
has any idea's let me know.
.
- References:
- IAS as RADIUS
- From: the
- Re: IAS as RADIUS
- From: Neteng
- Re: IAS as RADIUS
- From: the
- Re: IAS as RADIUS
- From: TexasMirty@xxxxxxxxx
- IAS as RADIUS
- Prev by Date: Re: IAS as RADIUS
- Next by Date: Re: IAS as RADIUS
- Previous by thread: Re: IAS as RADIUS
- Next by thread: Re: IAS as RADIUS
- Index(es):
Relevant Pages
|
