Solved

LAN access control

Posted on 2004-09-03
3
181 Views
Last Modified: 2010-03-18
Hi,

I am looking for a package that would control access to a wired network. it would need to be based on MAC addresses, but I am not aware of any package that would do it (ie accept only connections from host with a specified MAC address and reject all others)

can you help?

Marek
0
Comment
Question by:marek100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Accepted Solution

by:
llcooljayce earned 250 total points
ID: 11977635
There are a lot of ways that you can accomplish this:

- Squid is an excellent proxy system that can control access to sites based on a large number of variables that you can control. It's free, and runs on Linux, which is also free. Linux will run on a computer that you probably aren't using any more, so the hardware is "free". The cost comes in supporting it if you aren't familiar with linux.

- Websense will definitely do what you need, but it is pricey.

- You could use some of the controls within IE. If you don't want to edit the controls directly, you could push out information to certain clients using Group Policy in Active Directory.

The single best thing that I can recommend you do is to not continue trying to convince yourself that this should be simple to do. The reality is that the Internet is a dynamic and ever-changing place. This means that systems you deploy for this kind of service need to be able to adapt dynamically. That alone makes it "not simple".

Manual configuration of the PIX may lead to lack of control for the reason that the PIX operates on IP Addresses only. It doesn't understand www.microsoft.com. If you open browsing to an address, and that address hosts 300 different web sites on different domains, your client machines will have access to all of them. Also, many big sites (like MS) use multiple addresses for their sites, and change them from time to time. Trying to keep up with this could drive you up a wall.

Deploying multiple DNS servers to different subnets is also likely to lead to quite a bit of extra leg-work if you're trying to troubleshoot problems. In addition, one misconfiguration, and your efforts are all for naught.

Here's what I would recommend: make an honest evaluation on how much of your time you can spend working on setting this up (research, install, config, and test). Equate that to dollars. You may just find that the Websense product, though more costly up front, will install quicker, be manageable, and effective right from the start. In the long run, it could save you money. Just be aware that in addition to the product itself, you will/may need to purchase annual service subscriptions to be able to use it correctly.

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Resolve DNS query failed errors for Exchange
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question