• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1079
  • Last Modified:

how to secure a Cat5 patch cable to a wall plate and a NIC card???

Hi,

I am the network adminustrator for a school lab (not physically monitored 24/24). What we have seen in the past is that users come in, unplugged the lab systems, and plug in their own system (usually a laptop), enter a valid IP address, and start P2P applications, which we do not authorize.

I want to implement a simple mechanical locking/secure device that would prohibit the CAT5 patch cable to be unplugged from our system's NIC card and/or from the wall plate. In other terms, it would be impossible for an intruder to physically connect a CAT5 patch cable to his/her laptop.

Please provide name or links to manufacturer of such locking devices.

thank You
Luc Weinland
0
lweinlan
Asked:
lweinlan
  • 11
  • 6
  • 5
  • +4
1 Solution
 
AndrewhsiaCommented:
wouldn't it be easier to lock them out by mac address.
This prevents someone from using another machine.
There are two ways to do this. Either by firewall software where you tell it by mac address only allow access, or by DHCP on a server that will only assign to specific MAC addresses IP's.
That way you don't need security to lock down machines.
Just incase, Each ethernet card is assigned a specific MAC address. No two are the same. There are spoofing softwares, but they have to know the correct mac address to spoof, and that would depend on the security of your lab computers.
0
 
Robing66066Commented:
Hmmmm.  That would work, but I haven't heard of anyone who offers such a device.  Another solution might be to restrict by MAC address what device can be connected to that port on the switch.  Many switches sold now have this feature -- you simply enter the MAC address of the device that is to be plugged in to that port.  If any other device is plugged in, the switch refuses service.

There are ways around it, but the intruder would have to know that this is what you have done, learn what the correct MAC address is, enter it into his LAA for his network card and then jack in.  It should stop all but the most determined students.

Sorry I couldn't provide what you asked for, but maybe this will work out better...
0
 
ShineOnCommented:
I think I have heard of such a device.  Have you checked places like Black Box, or CDW?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
guynumber5764Commented:
The wall side is easy:  just put the plugs behind the plates and use security screws.
The PC side is a little harder.
I cannot think of any way to safely attach a cable to a NIC such that it cannot easily be pulled out 1/2" short of covering the whole back of the PC (what would you bolt it to? ).  Most school districts I have encountered are more worried about theft than unauthorised use of resources.  The best solution I have seen there is to enclose the entire PC in a box secured with a locked metal bar in the front and bolted to the table.  A door in the back would be even better.  Usually these boxes are made by the district works dept.
0
 
svenkarlsenCommented:
I believe that there's no cheap way to secure yourself against situations like that, - it takes good, managed L3 switches which can be configured to only accept approved MACs. The firewall solution is a good idea, but firewalls that can check on MACs are either expensive or hard to configure, - and furthermore it will become a bottleneck.

If you know for certain that the intruders would not dare to damage the equipment, then perhaps you could consider a cheap solution based on the cables:

 - On the wall side, you'd have to make them secured behind a panel with a lock.
 - In the PC, just glue the cable to the NIC with expoxy-glue (I bet that if you do find some "security-solution" then it's more expensive than a cheap NIC)


Regards,
Sven
0
 
AndrewhsiaCommented:
I guess it depends on how many machines you are working on and if you intend to limit all access or just internet access.
You could set up a firewall to just the outside world. and yes this is a bottle neck ,but for just surfing the web, it should not be an issue. Downloading large files will cause a problem. Most broadband routers have built in software for the mac address stuff so for 100 bucks or so you could set it up. Otherwise locking it in a box or superglue is probably the only cheaper answer.
0
 
guynumber5764Commented:
I was also thinking of a solution like sven's.  If you made little pigtail's with RJ45 on one end and either used a molex or a different pinout you could epoxy those to the NICS.  The matching (opposite) cables from the wall could still be unplugged to move PCs and replace NICs but would be useless to the kids.
0
 
ShineOnCommented:
I can't help thinking someone like Targus has something like that.
0
 
Scott_VCommented:
Got it!  Go wireless.  Setup security on the Wireless network and restrict access to each of the client's setups.  This way only PCs with the right codes can get internet access!  Wireless hardware isn't too expensive now, and it definately fast enough for school internet access!

-Scott
0
 
guynumber5764Commented:
Targus has a deely that attaches to the video port but it uses the holddown screw as the attachment point.  I don't know if anything like that for an RJ45.  But it gives me an idea:
-  wrap a small zip tie loosely around the cat5 cable
-  cut off the first 3.8"
- plug the cable into the NIC and jam the stub you cut off into the clip.
- cinch the tie around the stub.

Not perfect but it'll prevent anyone without cutters from unplugging the lan.
0
 
guynumber5764Commented:
read 3.8" as 3/8" ( 0.375" )
0
 
ShineOnCommented:
Now I remember - My Brother-in-law works for a plastics molding place.  He gave me some RJ45 securing clips that do much like what guynumber5764 is describing with a cable tie.

I have no idea WHO they were making these security clips for, but the cable-tie idea will likely do as well, without having to worry about where to get 'em - just go to your local hardware store and get some cable-ties...

Great idea, guy!
0
 
ViRoyCommented:


how about a fibre cable ;)
lil expensive upgrade but i bet you wont have anyone messing with that.
0
 
ShineOnCommented:
"security" and "wireless network" don't yet belong in the same sentence.  There is still much to be done in securing wireless access.  There are too many WIFI devices already attached to notebooks and handhelds, that if you are not *absolutely* secure in your wireless solution can too easily just add themselves to your wireless network.  

I still think you should go with the cable-tie idea presented by guynumber5764...  Easy, cheap, and as he said, if they don't have a snips in their pocket, relatively secure.
0
 
svenkarlsenCommented:
I second that (from ShineOn), - and both oppinions: anyone breaking the wirestraps will know they are doing a violation, and even today, that's still a major threshold to cross for many people

As for wireless, - take a look at the Network section and see how well people are doing with such a 'simple and straight-forward' appliance. Wireless isn't secure nor very compatible/adaptable unless you invest in the more expensive brabds.

Regards,
Sven
0
 
Scott_VCommented:
You can configure a wireless router for a security key, or even a certificate before it allows connection, thusly you will not have person X bringing in WiFi card Y, and being able to connect to your network with out having passcode Z...  Without Z, X can't screw around with your internet via Y...  The only reason wireless networking gets such a bad rap is because most people don't turn ON the security features in a wireless access point, thus allowing everyone access...

Either way, think about it.  Whats the difference between catching a packet from the air, or from a sniffer, as long as its encrypted?

More to the point, unauthorized computers with WiFi cards will not get access with out the proper authorization...  WiFi may have a ways to go, but its A viable solution to this problem...  Keyword, "A", it is well known there is more than one way to resolve any problem.

-Scott
0
 
ShineOnCommented:
On the cable-tie idea, you coud institute a policy that at the end of each period, the connections will be checked, and if everything is not in place exactly as it was at the beginning of class, the person at that workstation gets penalized, either gradewise or with disciplinary action lile detention...  provided you have the kind of institution that can do those things... ;)
0
 
guynumber5764Commented:
Shine...The issue in most schools is the students who come in after hours or on breaks.
Luc...I could probably make a reusable metal version of the same thing but it would be tough to deliver at a price that makes it worthwhile.
0
 
ShineOnCommented:
"Shine...The issue in most schools is the students who come in after hours or on breaks."

They should STILL be registering for use of school equipment, not walking in and doing whatever they want.

A software-based solution would be to install Novell BorderManager and enable authentication.  That way, you can only access the internet if you log in, and the login and all usage gets entered into a log file...
0
 
svenkarlsenCommented:
Scott_V, - I agree in principle, but we're talking about a school here. We all know what kind of organisation it takes to enforce standards like certificate issuing and revocation, managing the stuff, - even if outsourcing, would probably be far beyond budget.
0
 
ShineOnCommented:
Sven,

Similar to my position.

If they would install and configure a product like BorderManager, which leverages the NDS/eDirectory they already have installed, makes identity-based access control much simpler to manage than working with certificates outside the Novell spectrum.
0
 
Scott_VCommented:
Okay.  You're right.  I know.  Guess I was kinda hoping you were from one of those "Super high-tech" schools we see on the news all the time.  You know, the ones where all the students get Mac Notebooks...  :)

In a perfect world long ago...


-Scott
0
 
ShineOnCommented:
... or in the distant future, after the ultra-left liberals die in their own waste...  hehe.
0
 
ShineOnCommented:
In case you weren't sure, the ultra-left liberal reference to dying in their own waste is to what happens to single-celled organisms when they grow in numbers beyond the capacity of their environment to sustain them - like yeast, for instance.,,
0
 
ShineOnCommented:
Sorry, that was insentsitive to the yeast out there...
0
 
svenkarlsenCommented:
I suggest we stick to the subject, - I hate to learn the political attitudes of professional contacts: it interferes with my professional behaviour ;-)

Regards (and respect to all!!)

Sven
0
 
guynumber5764Commented:
thx sven & agreed!
0
 
ShineOnCommented:
k, sven  Sorry folx...
0
 
svenkarlsenCommented:
ShineOn, - my remark was not aimed at anyone , so no need for you to apologize. I think I would call it self-defence: when I'm having a good time, I try to avoid bad vibes (I'm a sissy, in that respect...;-)


Sven
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 11
  • 6
  • 5
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now