Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 204
  • Last Modified:

Intrusion Detection System

I currently use cisco 6000 switches & 2600 routers. I also have 'real secure' IDS but it's not yet implemented.

There are contractors working on our compound who require network access. We supply them with PCs however we recently discovered that they also plug in their personal laptops onto our lan ports.

Is there any system available that can detect & prevent such an occurence? Is this a feature available in the switches or do I require software
0
isltt
Asked:
isltt
1 Solution
 
chris_calabreseCommented:
The most straight-forward way to do this is to record all the MAC addresses in use at your site (you can get them from the router arp caches), load them into the switches, and then shunt any unknown MAC's to a dead-end VLAN.

This not only keeps contractors/vendors from plugging in their own PC's, but also keeps employees from purchasing new systems that haven't gone through the "official" setup/purchasing process.

The other option is to implement something like Cisco's just-recently-released NAC product, which can do things like check whether machines have appropriate patches and anti-virus signatures, enforce that they are domain members, etc., etc.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now