Questions

- updated

+
0 Votes
Locked

- updated

Wiseguytr
Hi,
-
Clarifications Clarifications
+
0 Votes
CG IT
Collapse -

That way you can put MAC address security on the switch ports. If someone connects to a switchport their MAC address isn't supposed to be there, the port is turned off until you turn it back on.

With this setup, you know who is supposed to be on that switchport and if another computer connects to it, their connectivity will be turned off. Then they have to come to you and tell you they can't connect. Then you know by the security logs on the switch that someone disconnected their computer and plugged in another. You can then get the message out via the employees that they can't swap around NICs or computers or you'll know.

+
0 Votes
Wiseguytr
Collapse -

This seems as the reasonable answer I was looking for. I wonder if you can do that on 3Com's managed Layer2's....

On the otherside I was dreaming of a software or a box with all my IP and binded MACs tables on it. So that if someone tried to enter the network with a unmatched IP/Mac, it would just cause a direct IP conflict and disable their access...

+
0 Votes
CG IT
Collapse -

they ought to provide port security the same as Cisco switches do, else they wouldn't be competetive with Cisco and no one would buy 3Comm managed switches.

If not, budget some $$ for Cisco managed switches as they have port security by MAC address.

+
0 Votes
retro77
Collapse -

Institute a policy that no home PCs can come into work. If you are that secure on your internet access, then you need to be that secure on your home PCs. The punishment has to be termination of employment or people wont listen.

Plus home PCs comming in with who knows what virus/worms/malware on your "protected" network, a nightmare waiting to happen.

+
0 Votes
Wiseguytr
Collapse -

This is of course the most correct solution. But the thing is you can not fire a CFO.

InfoSec policies can be run pretty sharply when working in an corporate company, but in smaller companies, rules are obviously bent. Results are disasterous and IT guys get the blame for it.

In the end as you have spelled it correctly, we're cleaning virus everyday, trying the catch the backdoorers via registered MAC list...

Hopeless...My IPSEC Policy is still awaiting to be signed...