id="info"

Question

Locked

Non domain computer network access.

By kirk.roberts ·
what do people use to prevent network access to non domain computers? everyone that visits our offices wants access to the internet. most of the time i can check out their computers for upto date virus protection and then allow them to connect to the network but some people just come in and plug in there computers without asking. is there a program or hardware device that would prevent unauthorized connections?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Depending on the size of the network...

by SmartAceW0LF In reply to Non domain computer netwo ...

Running on the assumption that those you speak of that 'come in and plug in their computers' are doing so by utilizing an R45 drop somewhere within the building, I imagine your best bet would be to use MAC address filtering on the router. Were we speaking of Wireless access this would be easily effected by locking down the wifi portion of the network. (A thing that should be done already if it is not currently) There are other considerations requiring proper hardware and considerable expense.
Would help to know the number of nodes on the LAN, the types of operating systems attached to the LAN and make/model of router used within the network.

Collapse -

Simple and rough

by kermit1 In reply to Non domain computer netwo ...

Disable all ports on router that are not in use and enable them when you allow access to that particular port, or enable access based on MAC on all ports.
I guess that you have DHCP, change that to fixed IP so anyone who want access to your network should now IP and subnet.

All of that depend on how large your network is.

Solution is not elegant, but will do the job.

Collapse -

VLANs

by JPElectron In reply to Non domain computer netwo ...

VLANs is how you accomplish this.

Put a public/guest wireless access point, and some physical network ports in the lobby/common area - all memebers of a separate VLAN, make this VLAN route to the Internet and nothing else - thus protecting your network from foreign machines.

Back to Malware Forum
4 total posts (Page 1 of 1)  

Security Forums