Solved

LAN access control

Posted on 2004-09-03
3
178 Views
Last Modified: 2010-03-18
Hi,

I am looking for a package that would control access to a wired network. it would need to be based on MAC addresses, but I am not aware of any package that would do it (ie accept only connections from host with a specified MAC address and reject all others)

can you help?

Marek
0
Comment
Question by:marek100
3 Comments
 
LVL 4

Accepted Solution

by:
llcooljayce earned 250 total points
ID: 11977635
There are a lot of ways that you can accomplish this:

- Squid is an excellent proxy system that can control access to sites based on a large number of variables that you can control. It's free, and runs on Linux, which is also free. Linux will run on a computer that you probably aren't using any more, so the hardware is "free". The cost comes in supporting it if you aren't familiar with linux.

- Websense will definitely do what you need, but it is pricey.

- You could use some of the controls within IE. If you don't want to edit the controls directly, you could push out information to certain clients using Group Policy in Active Directory.

The single best thing that I can recommend you do is to not continue trying to convince yourself that this should be simple to do. The reality is that the Internet is a dynamic and ever-changing place. This means that systems you deploy for this kind of service need to be able to adapt dynamically. That alone makes it "not simple".

Manual configuration of the PIX may lead to lack of control for the reason that the PIX operates on IP Addresses only. It doesn't understand www.microsoft.com. If you open browsing to an address, and that address hosts 300 different web sites on different domains, your client machines will have access to all of them. Also, many big sites (like MS) use multiple addresses for their sites, and change them from time to time. Trying to keep up with this could drive you up a wall.

Deploying multiple DNS servers to different subnets is also likely to lead to quite a bit of extra leg-work if you're trying to troubleshoot problems. In addition, one misconfiguration, and your efforts are all for naught.

Here's what I would recommend: make an honest evaluation on how much of your time you can spend working on setting this up (research, install, config, and test). Equate that to dollars. You may just find that the Websense product, though more costly up front, will install quicker, be manageable, and effective right from the start. In the long run, it could save you money. Just be aware that in addition to the product itself, you will/may need to purchase annual service subscriptions to be able to use it correctly.

0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now