Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

network security

Posted on 2007-07-30
11
Medium Priority
?
224 Views
Last Modified: 2013-12-04
help help

when i got to network neighborhood i see other workgroup like mshome, home and workgroup. i went around and i dont see anyone with laptop other than the company laptop. i ran a ipscan on my network and i can see 2 suspicius ip 192.168.1.135 and 1.118 and i got the mac address. now is there a way taht i can make sure they dont have access to my domain? when i go to start run type \\192.168.1.135 i got nothing and no errors. also i have 2 wireless access point. 1 linksys 1 belkin. and there encrypted. what is the best way to secure my network? thanks all.

0
Comment
Question by:xcsvx
  • 2
  • 2
  • 2
  • +3
10 Comments
 
LVL 7

Expert Comment

by:knightrider2k2
ID: 19595057
1.135 and 1.118 could be the access points itself. Try http://192.168.1.135  and http://192.168.1.118 from internet explorer and see if you get a username/paddword prompt.

You can also check in the access points itself, what computer/devices are connected to it.
0
 

Author Comment

by:xcsvx
ID: 19595170
no my access point are 30.110 and 30.111 the linksys is an older model and doesnt have the dhcp client table.
0
 
LVL 7

Accepted Solution

by:
knightrider2k2 earned 672 total points
ID: 19595193
If you think someone is connected to your wireless access point, the only way to prevent this is to change the wireless key.

But before doing that, check if the IP addresses you mentioned are not some networkprinters/managed switches etc.
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 18

Expert Comment

by:PowerIT
ID: 19599397
To verify if they come via your AP's: just switch the AP's of and verify if you still see both suspicious IP.

J.
0
 
LVL 12

Assisted Solution

by:jahboite
jahboite earned 664 total points
ID: 19601116
If you have confirmed that the suspicious machines have connected via your access points you must ask yourself how they have managed to connect.  Have they cracked your encryption?  If so, you need to beef up your encryption on both AP's.  If you are not using WPA and are still using the very insecure WEP then that is the first change you should consider.  Remember that client machines need to support WPA if that's what you decide (only old hardware may not support WPA, newer machines should be fine)
WEP can be cracked in a matter of minutes these days and there are tools freely available such that even a complete novice can do it.

It might be useful to find out a bit more about your suspicious machines by getting nmap from http://insecure.org/nmap/dist/ (for windows get the nmap-4.22SOC2-win32.zip package) and once installed run a scan such as the following against each of the IP addresses:

nmap <IP_ADDRESS> -sSUVC -O

This should determine the operating system as well as any open ports and what services the machines might be running.
0
 

Author Comment

by:xcsvx
ID: 19602742
i just downloaded it and how can i install that utility?  from command prompt???
0
 
LVL 12

Expert Comment

by:jahboite
ID: 19603881
Hello xcsvx

I meant to point you to the

nmap-4.22SOC2-setup.exe  

package rather than the zip package.  Sorry about that!  

The exe package will install nmap and then it will install winPcap too which makes the whole process nice and simple.  Try that one instead.  Once installed, you run nmap from the commandline.  Again, sorry for the confusion!!
0
 
LVL 5

Expert Comment

by:drawlin
ID: 19606270
You say you have the MAC addresses of the suspicious IP's?  You can google a MAC identity website to see what vendor makes the hardware for the MAC addresses.

Also, if you have managed switches, look at the ARP tables for the MAC addresses and find what port those MAC addresses are plugged into.  Follow the cable to the PC..... unless it's the WAP that's plugged into the port in the ARP table.  In that case, change your WPA key.
0
 
LVL 5

Assisted Solution

by:drawlin
drawlin earned 664 total points
ID: 19606302
Oh, also:   If you want to stop the rogue PC's from getting to the Internet (Since that's what they are probably doing)  Reserve IP's in your DHCP server for the rogue MAC addresses, then block the IP's from leaving your network at the firewall.  That will result in a phone call from the offending party if it happens to be an employee with their personal laptop.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21185797
Forced accept.

Computer101
EE Admin
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Screencast - Getting to Know the Pipeline
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question