[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 186
  • Last Modified:

LAN access control

Hi,

I am looking for a package that would control access to a wired network. it would need to be based on MAC addresses, but I am not aware of any package that would do it (ie accept only connections from host with a specified MAC address and reject all others)

can you help?

Marek
0
marek100
Asked:
marek100
1 Solution
 
llcooljayceCommented:
There are a lot of ways that you can accomplish this:

- Squid is an excellent proxy system that can control access to sites based on a large number of variables that you can control. It's free, and runs on Linux, which is also free. Linux will run on a computer that you probably aren't using any more, so the hardware is "free". The cost comes in supporting it if you aren't familiar with linux.

- Websense will definitely do what you need, but it is pricey.

- You could use some of the controls within IE. If you don't want to edit the controls directly, you could push out information to certain clients using Group Policy in Active Directory.

The single best thing that I can recommend you do is to not continue trying to convince yourself that this should be simple to do. The reality is that the Internet is a dynamic and ever-changing place. This means that systems you deploy for this kind of service need to be able to adapt dynamically. That alone makes it "not simple".

Manual configuration of the PIX may lead to lack of control for the reason that the PIX operates on IP Addresses only. It doesn't understand www.microsoft.com. If you open browsing to an address, and that address hosts 300 different web sites on different domains, your client machines will have access to all of them. Also, many big sites (like MS) use multiple addresses for their sites, and change them from time to time. Trying to keep up with this could drive you up a wall.

Deploying multiple DNS servers to different subnets is also likely to lead to quite a bit of extra leg-work if you're trying to troubleshoot problems. In addition, one misconfiguration, and your efforts are all for naught.

Here's what I would recommend: make an honest evaluation on how much of your time you can spend working on setting this up (research, install, config, and test). Equate that to dollars. You may just find that the Websense product, though more costly up front, will install quicker, be manageable, and effective right from the start. In the long run, it could save you money. Just be aware that in addition to the product itself, you will/may need to purchase annual service subscriptions to be able to use it correctly.

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now