Advertisement

10.08.2008 at 09:26PM PDT, ID: 23799914 | Points: 500
[x]
Attachment Details

Network Access Control Solution

Asked by AI-SYD in Dynamic Host Configuration Protocol (DHCP), Intrusion Detection Systems (IDS), Network Management

Hi All,

I have done much research on Network Access Control (NAC) and will now ask the experts for their thoughts on how to help me in the way I would like to see NAC handled on my network.

Problem:

Preventing unauthorised "anythings" from:

1. Getting an IP address from my DHCP server, Period.
2. Ensuring those users with enough smarts to add (an IP they found not in use) to their "anything" not being able to communicate to the network as it has not been authorised by the "gateway NAC Server" by the MAC being added by IT STaff.

Being "authorised" to me would mean the device would have its MAC added to a "list" and referenced or an agent installed on the workstations which poses an issue for printers, scanners and other misc legit devices.

My basic thinking would have been to

1. Add reservations using known MAC's
2. Add the rest of the IP's not in use to a Windows Box TCP/IP thus making them "in use" ??

A DHCP exclusion range would not stop a device connecting that had put in valid IP details.

Does anyone know of open source or commecial software that fits this bill? or a method?

Aalborg.

Start Free Trial
[+][-]10.08.2008 at 09:43PM PDT, ID: 22675738

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10.13.2008 at 07:22AM PDT, ID: 22702646

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10.17.2008 at 05:30PM PDT, ID: 22746516

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10.17.2008 at 05:31PM PDT, ID: 22746520

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10.19.2008 at 02:16PM PDT, ID: 22753762

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10.20.2008 at 10:13AM PDT, ID: 22759942

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11.11.2008 at 08:01AM PST, ID: 22931710

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20081119-EE-VQP-49 - Hierarchy / EE_QW_2_20070628