  • Status: Solved
  • Priority: Medium
  • Security: Public

Securing Win2k Network - DHCP

I want to limit network access to only computers that have domain accounts (Win2k Active Directory, Win2k DHCP).  I know it's probably simple but I can't seem to find it.

Thanks.
0
Asked: Crestline
1 Solution
 
Pete Long (Consultant) Commented:
There is NO simple fix, your only option is to limit access to your network from registered MAC addresses on your network switches :(
0
 
Crestline (Author) Commented:
You're kidding me, right?   :(

You mean to say that anyone can walk in here, plug in their personal pc/laptop and spread all the crap from their home computers all over our network?  I just thought I was having a problem searching because I can't find anything either.

This is bad news...


0
 
Pete Long (Consultant) Commented:
It is indeed. This has been asked here many times, and a lot of casual questioners have been and abandoned the question because of it :(
0

 
jamesreddy Commented:
Pete is correct.  While DHCP has the benefit of reducing administrator intervention, it has the drawback of security problems.  The only way around it is to create DHCP reservations that, as Pete stated, would require you to copy down every single MAC address on the network, and individually reserve them their respective addresses.  Other than that, you could eliminate DHCP and go with static assigned addresses.

You can read more about it here:

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_dhcp_ovr_security.asp

DHCP is an unauthenticated protocol, even in the latest flavor, Windows Server 2003.  You have few options here.

James
0
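The reservation approach in the answer above depends on an inventory of registered MAC addresses. As an added example (not part of the thread; the sample data is constructed and the function names are hypothetical), this Python script audits a DHCP lease list against such an inventory. A MAC address is asserted by the client, so this is an audit aid, not authentication.

```python
import re

# Constructed sample data (not from the thread): a registered-MAC inventory in
# mixed notations, and a lease table as it might be exported from the DHCP server.
REGISTERED = ["00-0C-29-3A-1B-7F", "0010.5a44.c2d1", "00:50:56:ab:cd:ef"]
LEASES = [
    ("192.168.1.21", "00-0c-29-3a-1b-7f", "ACCT-PC01"),
    ("192.168.1.22", "00-10-5A-44-C2-D1", "ACCT-PC02"),
    ("192.168.1.57", "00-16-EA-12-34-56", "HOME-LAPTOP"),
    ("192.168.1.58", "02-00-4C-4F-4F-50", "UNKNOWN"),
    ("192.168.1.59", "not-a-mac", "BADROW"),
]

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set."""
    return bool(int(mac[:2], 16) & 0x02)

def audit_leases(leases, registered):
    """Return (ip, mac, host, reason) for every lease not tied to the inventory."""
    allowed = {normalize_mac(m) for m in registered} - {None}
    findings = []
    for ip, raw_mac, host in leases:
        mac = normalize_mac(raw_mac)
        if mac is None:
            # Malformed rows are reported, not silently skipped.
            findings.append((ip, raw_mac, host, "unparseable MAC"))
        elif mac not in allowed:
            reason = "unregistered MAC"
            if is_locally_administered(mac):
                # Not a vendor-assigned address: software-set or virtual NIC.
                reason += " (locally administered)"
            findings.append((ip, mac, host, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_leases(LEASES, REGISTERED):
        print("%-15s %-17s %-12s %s" % finding)
```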
 
Gareth Gudger Commented:
Yea it kind of sucks.

I think Microsoft was almost thinking about it when they created the user and vendor classes in DHCP but never took it far enough. :)
0
 
Crestline (Author) Commented:
Ok.  Thanks guys.

This is obviously not the answer I was looking for but I'll contemplate your suggestions.  It's not like we have 100s of workstations, we are just under 100, but....

0
 
jamesreddy Commented:
Unfortunately...we all feel your pain.  :)  Most of us have tried to find the answer to the same question at one point or another.
0
 
Pete Long (Consultant) Commented:
ditto :(

ThanQ
0
 
Rich Rumble (Security Samurai) Commented:
A little update I've just researched - haven't set it up/tested it yet, but the 802.1x standard looks to be able to help in this situation:
http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/8021xclient.asp
http://cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00800da6ff.html#wp1025060
http://support.microsoft.com/kb/q303597/

Just popped in my head to share the info - I'll get a page up when I've tested this thoroughly
-rich
0
 
Pete Long (Consultant) Commented:
Cheers Rich, I've stuck it on my list of things to look at :)
0
