[ale] OT: laptops on a network, security

Jonathan Rickman jonathan at xcorps.net
Thu May 29 17:37:13 EDT 2003


On Wed, 28 May 2003, J.M. Taylor wrote:

> Hypothetical situation: you are a fair-to-middlin' sized university, and
> people (students, faculty, staff, spouses, riff-raff) want to bring their
> laptops in and plug in to your network.  Your draconian laws prohibit this
> but it's becoming increasingly obvious that people are doing it anyway,
> and you can't hide from the issue forever.

MAC addresses. Very high administrative overhead, and some switches do not
support it. Most high-end stuff lets you set up a list of authorized MAC
addresses...or even assign them to specific ports to prevent moving
computers around. I've seen this used in various three letter agencies and
can assure you that the administrative overhead is VERY heavy initially,
but tapers off once you establish the baseline. OTOH, you better have a
well-staffed call center. I've personally used this method on military
SIPRNET networks, but the number of machines was less than 100 and all
workstation setups required you to be on site to certify the machine
anyway. Recording the MAC is part of the accreditation process, so it
really only added one step: configure the switch. Overkill in your
situation??? Probably...

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
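
An added example, not part of the original post: a small audit that compares the MAC addresses a switch has learned per port against the recorded baseline of authorized MAC-to-port assignments the message describes. The two-column "port MAC" export format, the addresses, and the function names are constructed assumptions, not output from any particular switch.

```python
import re

# Constructed baseline: authorized MAC -> port recorded when the machine was certified.
BASELINE = {
    "00:11:22:33:44:55": "Fa0/1",
    "00:11:22:33:44:66": "Fa0/2",
    "00:11:22:33:44:77": "Fa0/3",
}

# Constructed sample of learned addresses, one "port mac" pair per line.
OBSERVED = """\
Fa0/1 0011.2233.4455
Fa0/2 00-11-22-33-44-77
Fa0/4 00:AA:BB:CC:DD:EE
Fa0/5 not-a-mac
"""

def normalize_mac(text):
    """Return a lowercase colon-separated MAC, or None if the value is malformed."""
    digits = re.sub(r"[.:\-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(observed_text, baseline):
    """Return (kind, port, value) findings for everything that deviates from the baseline."""
    findings, seen = [], set()
    for line in observed_text.splitlines():
        parts = line.split()
        if not parts:
            continue  # skip blank lines
        if len(parts) != 2:
            findings.append(("unparsed", parts[0], line.strip()))
            continue
        port, mac = parts[0], normalize_mac(parts[1])
        if mac is None:
            findings.append(("malformed", port, parts[1]))
            continue
        seen.add(mac)
        if mac not in baseline:
            findings.append(("unauthorized", port, mac))  # not on the authorized list
        elif baseline[mac] != port:
            findings.append(("moved", port, mac))  # authorized, but on the wrong port
    # Authorized machines that were not seen at all (powered off, or replaced).
    findings += [("absent", baseline[m], m) for m in sorted(set(baseline) - seen)]
    return findings

if __name__ == "__main__":
    for finding in audit(OBSERVED, BASELINE):
        print(*finding)
```

A MAC address is trivially changed on the client, so a clean audit shows only that no unknown address appeared, not that every device is the one that was certified.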




