method to authenticate devices
I found out with great astonishment that a worker in the firm where I work as admin came with his personal Notebook and introduced it in the network.
I am sure that this particular worker didn't want to do something harmful and didn't, but I am not sure about the others.
The LAN has 50 win clients with a Linux server (samba, sendmail, bind, ftp, httpd, dhcpd, etc). Itís the same broadcast domain for all.
The clients log in the samba domain (samba works as PDC) and use shares, email and other services which are available in every normal company.
Now I want foreign computers not to have access to the network or not without inform the admin. I want to authenticate the devices not only the users. Something like WEP or other wireless protocols do.
Does anyone know how can this be done?? Is there a special program which does that automatically and centralized? I was thinking about something like this: I get somehow a unique hash value for every legitimate host, and when it wants to communicate with the server (Linux) I check against that value.
At least a want the foreign hosts not to have access to the samba shares. I am satisfied if I am informed about that incident.
I would also like to stop the possibility of coping sensitive information from the samba shares on USB sticks (or to be informed of that).
Any material/link/book about internal security of a network would be great appreciated.