- 02-20-2005 #1 Just Joined!
- Join Date
- Jan 2005
- Location
- Germany
- Posts
- 69
method to authenticate devices
Hi,
I found out with great astonishment that a worker in the firm where I work as admin came with his personal Notebook and introduced it in the network.
I am sure that this particular worker didn't want to do something harmful and didn't, but I am not sure about the others.
The LAN has 50 win clients with a Linux server (samba, sendmail, bind, ftp, httpd, dhcpd, etc). It’s the same broadcast domain for all.
The clients log in the samba domain (samba works as PDC) and use shares, email and other services which are available in every normal company.
Now I want foreign computers not to have access to the network, or not without informing the admin. I want to authenticate the devices, not only the users. Something like WEP or other wireless protocols do.
Does anyone know how this can be done? Is there a special program which does that automatically and centralized? I was thinking about something like this: I somehow get a unique hash value for every legitimate host, and when it wants to communicate with the server (Linux) I check against that value.
At least I want the foreign hosts not to have access to the samba shares. I am satisfied if I am informed about that incident.
I would also like to stop the possibility of copying sensitive information from the samba shares onto USB sticks (or to be informed of that).
Ideas?
Any material/link/book about internal security of a network would be greatly appreciated.
ddaas
- 02-24-2005 #2 Linux Newbie
- Join Date
- Jan 2005
- Posts
- 104
What you need to do is limit the network to certain MAC addresses, but I'm not quite sure how to do this, so you are going to have to wait for a pro to reply.
- 02-25-2005 #3 Just Joined!
- Join Date
- Jan 2005
- Location
- Germany
- Posts
- 69
I could implement a firewall on the main Linux server and restrict communication based on MACs. This is a possibility but not the best, because this refers only to communication with the server (computers can also communicate with each other) and MACs can be easily spoofed.
If someone could tell me how I could use this method in conjunction with cryptography, this would be great (or a method that stops MAC spoofing).
Better, I grant access at OSI L2 (data link layer) at the main switch. I want the switch to authenticate devices. I don't know exactly how. I think I need a switch which supports RADIUS authentication.
Any ideas? Comments?
ddaas
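
An added example, not part of the thread: the server in the first post already runs dhcpd, so its lease file can be compared against an inventory of company MAC addresses to produce the notification that post asks for. It only reports and does not authenticate, since MACs can be spoofed as post #3 notes. The sample leases, the `KNOWN_MACS` inventory and the function name are constructed for illustration.

```python
import re

# Constructed, abbreviated sample in ISC dhcpd.leases syntax (all values made up).
SAMPLE_LEASES = """
lease 192.168.1.50 {
  starts 2 2005/02/22 08:15:01;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "PC-ACCOUNTING-01";
}
lease 192.168.1.77 {
  starts 2 2005/02/22 09:02:40;
  hardware ethernet 00:0C:29:AA:BB:CC;
  client-hostname "private-notebook";
}
lease 192.168.1.77 {
  starts 3 2005/02/23 08:40:03;
  hardware ethernet 00:0C:29:AA:BB:CC;
}
"""

KNOWN_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}  # hypothetical inventory

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\n\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')
START_RE = re.compile(r"starts\s+\d\s+([\d/]+ [\d:]+);")

def unknown_devices(leases_text, known_macs):
    """Map each MAC missing from the inventory to its latest lease details."""
    known = {m.lower() for m in known_macs}
    found = {}
    for ip, body in LEASE_RE.findall(leases_text):
        mac = MAC_RE.search(body)
        if not mac or mac.group(1).lower() in known:
            continue
        key = mac.group(1).lower()
        host = HOST_RE.search(body)
        start = START_RE.search(body)
        # dhcpd appends entries, so later ones win; keep an earlier hostname.
        found[key] = {
            "ip": ip,
            "hostname": host.group(1) if host else found.get(key, {}).get("hostname"),
            "last_start": start.group(1) if start else None,
        }
    return found

if __name__ == "__main__":
    for mac, info in unknown_devices(SAMPLE_LEASES, KNOWN_MACS).items():
        print("ALERT unknown device", mac, info)
```

A machine configured with a static address never requests a lease, so it will not appear in this report.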


