Solved

how to secure a Cat5 patch cable to a wall plate and a NIC card???

Posted on 2003-11-06
29
1,027 Views
Last Modified: 2013-11-09
Hi,

I am the network adminustrator for a school lab (not physically monitored 24/24). What we have seen in the past is that users come in, unplugged the lab systems, and plug in their own system (usually a laptop), enter a valid IP address, and start P2P applications, which we do not authorize.

I want to implement a simple mechanical locking/secure device that would prohibit the CAT5 patch cable to be unplugged from our system's NIC card and/or from the wall plate. In other terms, it would be impossible for an intruder to physically connect a CAT5 patch cable to his/her laptop.

Please provide name or links to manufacturer of such locking devices.

thank You
Luc Weinland
0
Comment
Question by:lweinlan
  • 11
  • 6
  • 5
  • +4
29 Comments
 
LVL 1

Expert Comment

by:Andrewhsia
ID: 9696956
wouldn't it be easier to lock them out by mac address.
This prevents someone from using another machine.
There are two ways to do this. Either by firewall software where you tell it by mac address only allow access, or by DHCP on a server that will only assign to specific MAC addresses IP's.
That way you don't need security to lock down machines.
Just incase, Each ethernet card is assigned a specific MAC address. No two are the same. There are spoofing softwares, but they have to know the correct mac address to spoof, and that would depend on the security of your lab computers.
0
 
LVL 7

Expert Comment

by:Robing66066
ID: 9696987
Hmmmm.  That would work, but I haven't heard of anyone who offers such a device.  Another solution might be to restrict by MAC address what device can be connected to that port on the switch.  Many switches sold now have this feature -- you simply enter the MAC address of the device that is to be plugged in to that port.  If any other device is plugged in, the switch refuses service.

There are ways around it, but the intruder would have to know that this is what you have done, learn what the correct MAC address is, enter it into his LAA for his network card and then jack in.  It should stop all but the most determined students.

Sorry I couldn't provide what you asked for, but maybe this will work out better...
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9697160
I think I have heard of such a device.  Have you checked places like Black Box, or CDW?
0
 
LVL 3

Expert Comment

by:guynumber5764
ID: 9697315
The wall side is easy:  just put the plugs behind the plates and use security screws.
The PC side is a little harder.
I cannot think of any way to safely attach a cable to a NIC such that it cannot easily be pulled out 1/2" short of covering the whole back of the PC (what would you bolt it to? ).  Most school districts I have encountered are more worried about theft than unauthorised use of resources.  The best solution I have seen there is to enclose the entire PC in a box secured with a locked metal bar in the front and bolted to the table.  A door in the back would be even better.  Usually these boxes are made by the district works dept.
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9698531
I believe that there's no cheap way to secure yourself against situations like that, - it takes good, managed L3 switches which can be configured to only accept approved MACs. The firewall solution is a good idea, but firewalls that can check on MACs are either expensive or hard to configure, - and furthermore it will become a bottleneck.

If you know for certain that the intruders would not dare to damage the equipment, then perhaps you could consider a cheap solution based on the cables:

 - On the wall side, you'd have to make them secured behind a panel with a lock.
 - In the PC, just glue the cable to the NIC with expoxy-glue (I bet that if you do find some "security-solution" then it's more expensive than a cheap NIC)


Regards,
Sven
0
 
LVL 1

Expert Comment

by:Andrewhsia
ID: 9698625
I guess it depends on how many machines you are working on and if you intend to limit all access or just internet access.
You could set up a firewall to just the outside world. and yes this is a bottle neck ,but for just surfing the web, it should not be an issue. Downloading large files will cause a problem. Most broadband routers have built in software for the mac address stuff so for 100 bucks or so you could set it up. Otherwise locking it in a box or superglue is probably the only cheaper answer.
0
 
LVL 3

Expert Comment

by:guynumber5764
ID: 9698670
I was also thinking of a solution like sven's.  If you made little pigtail's with RJ45 on one end and either used a molex or a different pinout you could epoxy those to the NICS.  The matching (opposite) cables from the wall could still be unplugged to move PCs and replace NICs but would be useless to the kids.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9698848
I can't help thinking someone like Targus has something like that.
0
 
LVL 1

Expert Comment

by:Scott_V
ID: 9699065
Got it!  Go wireless.  Setup security on the Wireless network and restrict access to each of the client's setups.  This way only PCs with the right codes can get internet access!  Wireless hardware isn't too expensive now, and it definately fast enough for school internet access!

-Scott
0
 
LVL 3

Accepted Solution

by:
guynumber5764 earned 300 total points
ID: 9699096
Targus has a deely that attaches to the video port but it uses the holddown screw as the attachment point.  I don't know if anything like that for an RJ45.  But it gives me an idea:
-  wrap a small zip tie loosely around the cat5 cable
-  cut off the first 3.8"
- plug the cable into the NIC and jam the stub you cut off into the clip.
- cinch the tie around the stub.

Not perfect but it'll prevent anyone without cutters from unplugging the lan.
0
 
LVL 3

Expert Comment

by:guynumber5764
ID: 9699362
read 3.8" as 3/8" ( 0.375" )
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9699974
Now I remember - My Brother-in-law works for a plastics molding place.  He gave me some RJ45 securing clips that do much like what guynumber5764 is describing with a cable tie.

I have no idea WHO they were making these security clips for, but the cable-tie idea will likely do as well, without having to worry about where to get 'em - just go to your local hardware store and get some cable-ties...

Great idea, guy!
0
 
LVL 8

Expert Comment

by:ViRoy
ID: 9703859


how about a fibre cable ;)
lil expensive upgrade but i bet you wont have anyone messing with that.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9703945
"security" and "wireless network" don't yet belong in the same sentence.  There is still much to be done in securing wireless access.  There are too many WIFI devices already attached to notebooks and handhelds, that if you are not *absolutely* secure in your wireless solution can too easily just add themselves to your wireless network.  

I still think you should go with the cable-tie idea presented by guynumber5764...  Easy, cheap, and as he said, if they don't have a snips in their pocket, relatively secure.
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9704021
I second that (from ShineOn), - and both oppinions: anyone breaking the wirestraps will know they are doing a violation, and even today, that's still a major threshold to cross for many people

As for wireless, - take a look at the Network section and see how well people are doing with such a 'simple and straight-forward' appliance. Wireless isn't secure nor very compatible/adaptable unless you invest in the more expensive brabds.

Regards,
Sven
0
 
LVL 1

Expert Comment

by:Scott_V
ID: 9704050
You can configure a wireless router for a security key, or even a certificate before it allows connection, thusly you will not have person X bringing in WiFi card Y, and being able to connect to your network with out having passcode Z...  Without Z, X can't screw around with your internet via Y...  The only reason wireless networking gets such a bad rap is because most people don't turn ON the security features in a wireless access point, thus allowing everyone access...

Either way, think about it.  Whats the difference between catching a packet from the air, or from a sniffer, as long as its encrypted?

More to the point, unauthorized computers with WiFi cards will not get access with out the proper authorization...  WiFi may have a ways to go, but its A viable solution to this problem...  Keyword, "A", it is well known there is more than one way to resolve any problem.

-Scott
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9704163
On the cable-tie idea, you coud institute a policy that at the end of each period, the connections will be checked, and if everything is not in place exactly as it was at the beginning of class, the person at that workstation gets penalized, either gradewise or with disciplinary action lile detention...  provided you have the kind of institution that can do those things... ;)
0
 
LVL 3

Expert Comment

by:guynumber5764
ID: 9704429
Shine...The issue in most schools is the students who come in after hours or on breaks.
Luc...I could probably make a reusable metal version of the same thing but it would be tough to deliver at a price that makes it worthwhile.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9704466
"Shine...The issue in most schools is the students who come in after hours or on breaks."

They should STILL be registering for use of school equipment, not walking in and doing whatever they want.

A software-based solution would be to install Novell BorderManager and enable authentication.  That way, you can only access the internet if you log in, and the login and all usage gets entered into a log file...
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9704605
Scott_V, - I agree in principle, but we're talking about a school here. We all know what kind of organisation it takes to enforce standards like certificate issuing and revocation, managing the stuff, - even if outsourcing, would probably be far beyond budget.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9704674
Sven,

Similar to my position.

If they would install and configure a product like BorderManager, which leverages the NDS/eDirectory they already have installed, makes identity-based access control much simpler to manage than working with certificates outside the Novell spectrum.
0
 
LVL 1

Expert Comment

by:Scott_V
ID: 9704706
Okay.  You're right.  I know.  Guess I was kinda hoping you were from one of those "Super high-tech" schools we see on the news all the time.  You know, the ones where all the students get Mac Notebooks...  :)

In a perfect world long ago...


-Scott
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9704737
... or in the distant future, after the ultra-left liberals die in their own waste...  hehe.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9704757
In case you weren't sure, the ultra-left liberal reference to dying in their own waste is to what happens to single-celled organisms when they grow in numbers beyond the capacity of their environment to sustain them - like yeast, for instance.,,
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9704765
Sorry, that was insentsitive to the yeast out there...
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9704767
I suggest we stick to the subject, - I hate to learn the political attitudes of professional contacts: it interferes with my professional behaviour ;-)

Regards (and respect to all!!)

Sven
0
 
LVL 3

Expert Comment

by:guynumber5764
ID: 9704809
thx sven & agreed!
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9704966
k, sven  Sorry folx...
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9705479
ShineOn, - my remark was not aimed at anyone , so no need for you to apologize. I think I would call it self-defence: when I'm having a good time, I try to avoid bad vibes (I'm a sissy, in that respect...;-)


Sven
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now