Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Securing Conference Rooms

Posted on 2010-11-19
6
Medium Priority
?
323 Views
Last Modified: 2012-05-10
Hello,

 Can anyone offer any suggestions/best practices on how to effectively secure non-domain users from plugging into meeting room switches?
0
Comment
Question by:sin20
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Accepted Solution

by:
Barry Gill earned 1000 total points
ID: 34174855
Create multiple DHCP scopes and make use of VLAN's.
Have VLAN 1 service your internal network and VLAN 2 service your meeting rooms.
Have DHCP scope 1 serviceVLAN 1s and DHCP scope 2 service VLAN 2.
VLAN 2 then gets internet access only (as why else are you letting people connect) and any user from VLAN 1 that wants to connect to internal services must log into a VPN in order to gain access.
Your users will be annoyed by this at first, so manage their expectations and let them know why you are doing this.
0
 

Author Comment

by:sin20
ID: 34175145
Thank you for your reply and suggestion.  I'm not sure the VPN solution is our best bet as we use RSA and I'm sure I won't sell management on distrbiuting tokens for this.

0
 
LVL 9

Expert Comment

by:Barry Gill
ID: 34177252
create an internal secondary vpn, one that does not require tokens
0
 
LVL 3

Assisted Solution

by:Nasir-Siddique
Nasir-Siddique earned 1000 total points
ID: 34182013
If your switch is capable....you can use 802.1x based VLANs. 802.1x based VLAn uses authentication which can be integrated to the AD or any other users database, thus if a user without proper credential tries to plug into your network using those conference room sockets, he/she will be asked for use name and password. Untill the credentialsare not verified, no IP address will be provided to the user. You will have a secure access from that area using 802.1x.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 35814071
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question