Solved

LAN access control

Posted on 2004-09-03
3
183 Views
Last Modified: 2010-03-18
Hi,

I am looking for a package that would control access to a wired network. it would need to be based on MAC addresses, but I am not aware of any package that would do it (ie accept only connections from host with a specified MAC address and reject all others)

can you help?

Marek
0
Comment
Question by:marek100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Accepted Solution

by:
llcooljayce earned 250 total points
ID: 11977635
There are a lot of ways that you can accomplish this:

- Squid is an excellent proxy system that can control access to sites based on a large number of variables that you can control. It's free, and runs on Linux, which is also free. Linux will run on a computer that you probably aren't using any more, so the hardware is "free". The cost comes in supporting it if you aren't familiar with linux.

- Websense will definitely do what you need, but it is pricey.

- You could use some of the controls within IE. If you don't want to edit the controls directly, you could push out information to certain clients using Group Policy in Active Directory.

The single best thing that I can recommend you do is to not continue trying to convince yourself that this should be simple to do. The reality is that the Internet is a dynamic and ever-changing place. This means that systems you deploy for this kind of service need to be able to adapt dynamically. That alone makes it "not simple".

Manual configuration of the PIX may lead to lack of control for the reason that the PIX operates on IP Addresses only. It doesn't understand www.microsoft.com. If you open browsing to an address, and that address hosts 300 different web sites on different domains, your client machines will have access to all of them. Also, many big sites (like MS) use multiple addresses for their sites, and change them from time to time. Trying to keep up with this could drive you up a wall.

Deploying multiple DNS servers to different subnets is also likely to lead to quite a bit of extra leg-work if you're trying to troubleshoot problems. In addition, one misconfiguration, and your efforts are all for naught.

Here's what I would recommend: make an honest evaluation on how much of your time you can spend working on setting this up (research, install, config, and test). Equate that to dollars. You may just find that the Websense product, though more costly up front, will install quicker, be manageable, and effective right from the start. In the long run, it could save you money. Just be aware that in addition to the product itself, you will/may need to purchase annual service subscriptions to be able to use it correctly.

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month11 days, 2 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question