Controlling access to the network

Opinion
Aug 09, 2004
Network Security, Security

After seeing more stories about networks being compromised, we’re concerned that we’re not taking enough steps to be protected. Understanding that there is no way we can be totally safe, what kind of options should we look at to make sure that only those who should be on our network are able to get on?

– Via the Internet

There are more options than I have the space to properly deal with, but I will list a few that should give you an idea of what to look at. One open-source option is something called Netreg. This is a slightly different DHCP server from the one you’re used to. When a device first comes up on the network, it is given a non-routable IP address. A DNS service running on this same system directs all Internet inquiries to a single Web site, which runs on the same system as Netreg. Only after the user correctly enters a network user name and password are they given an IP address that will get them to the outside world.
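To make the quarantine-then-register flow concrete, here is a small model of that gateway logic. It is an added example written for this column, not Netreg's own code: the address pools, the portal address, the lease lifetime and the credential store are all constructed, and the credential check uses a salted PBKDF2 hash rather than whatever Netreg used. The model gives an unregistered MAC address a non-routable lease, answers every DNS query from the quarantine range with the portal's address, and hands out a routable lease only while a registration bound to that MAC is still valid. One caveat worth keeping in mind when evaluating any product built on this idea: the binding is to a MAC address, which the device owner can change, so the registration record tells you who authenticated from that address, not that the hardware is still the same.

```python
"""Quarantine-then-register DHCP/DNS gateway, modelled on the Netreg flow
described above. Added example, not Netreg's code. All addresses, names,
lifetimes and the credential store are constructed for illustration."""
import hashlib
import hmac
import ipaddress
import time

QUARANTINE_NET = ipaddress.ip_network("10.0.0.0/24")  # constructed: non-routable pool
ROUTABLE_NET = ipaddress.ip_network("192.0.2.0/24")   # constructed: stands in for the routable pool
PORTAL_IP = ipaddress.ip_address("10.0.0.1")          # constructed: registration web site and DNS
LEASE_SECONDS = 3600                                  # constructed: how long a registration lasts


def _derive(salt: bytes, password: str) -> bytes:
    """Salted PBKDF2 so the store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# constructed credential store: username -> (salt, derived key)
USERS = {"alice": (b"constructed-salt", _derive(b"constructed-salt", "correct horse"))}
# dummy entry so unknown usernames cost the same time as known ones
_DUMMY = (b"dummy-salt", _derive(b"dummy-salt", "dummy"))


class RegistrationGateway:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.registered = {}  # mac -> (username, expires_at)
        # free-address lists and current leases per pool; the portal address is never leased
        self.free = {"quarantine": [h for h in QUARANTINE_NET.hosts() if h != PORTAL_IP],
                     "routable": list(ROUTABLE_NET.hosts())}
        self.leases = {"quarantine": {}, "routable": {}}

    def _lease(self, pool, mac):
        if mac not in self.leases[pool]:
            self.leases[pool][mac] = self.free[pool].pop(0)
        return self.leases[pool][mac]

    def _release(self, pool, mac):
        ip = self.leases[pool].pop(mac, None)
        if ip is not None:
            self.free[pool].append(ip)

    def dhcp_offer(self, mac):
        """Routable address only while a valid registration exists for this MAC."""
        reg = self.registered.get(mac)
        if reg is not None and reg[1] > self.clock():
            return self._lease("routable", mac)
        # registration missing or expired: drop it and send the device back to quarantine
        self.registered.pop(mac, None)
        self._release("routable", mac)
        return self._lease("quarantine", mac)

    def dns_answer(self, src_ip, name):
        """Quarantined clients get the portal for every name; None means resolve normally."""
        if ipaddress.ip_address(src_ip) in QUARANTINE_NET:
            return PORTAL_IP
        return None

    def register(self, mac, username, password):
        """Verify credentials; on success bind the MAC to the user for LEASE_SECONDS."""
        salt, expected = USERS.get(username, _DUMMY)
        ok = hmac.compare_digest(_derive(salt, password), expected) and username in USERS
        if not ok:
            return False
        self.registered[mac] = (username, self.clock() + LEASE_SECONDS)
        self._release("quarantine", mac)  # the client re-requests and gets a routable lease
        return True


if __name__ == "__main__":
    gw = RegistrationGateway()
    mac = "00:11:22:33:44:55"  # constructed
    first = gw.dhcp_offer(mac)
    print("quarantine lease:", first, "-> DNS for www.example.com:", gw.dns_answer(first, "www.example.com"))
    print("registered:", gw.register(mac, "alice", "correct horse"))
    print("routable lease:", gw.dhcp_offer(mac))
```

The `clock` parameter exists so that lease expiry can be exercised deterministically; a real deployment would also need to revoke the routable lease when the user logs out or the account is disabled, not only when the timer runs out.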

Depending on the firewall you have, you can look at some type of proxy authentication that will once again prompt the user to correctly enter a username and password before being allowed to leave your network and go out on the Internet. Whether you use the same authentication source as the rest of your network or a different one, this is another way to control how your network resources are used. Bear in mind that this type of access control is one more thing you’ll need to troubleshoot when there is a problem. Make sure that whatever network device is serving as your firewall has enough resources to handle the authentication tasks it will now be asked to handle.
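The exchange behind that prompt is the HTTP proxy challenge: the proxy refuses an unauthenticated request with status 407 and a `Proxy-Authenticate` header, the browser prompts the user and resends the request with a `Proxy-Authorization` header, and the proxy validates it before forwarding anything outbound. The following is an added example, not code from any firewall or proxy product: it shows both sides of that exchange for the Basic scheme, with the realm name and the credential store constructed for illustration. The parser deliberately returns `None` for anything malformed (wrong scheme, bad base64, no colon), so that a garbled header is treated like a missing one rather than crashing the proxy.

```python
"""Proxy-side authentication check for outbound requests, as one way to
realise the 'prompt before leaving the network' step above. Added example,
not any product's code. Header names follow the HTTP authentication framework;
the realm and credential store are constructed."""
import base64
import binascii
import hmac

REALM = "corp-proxy"                    # constructed realm shown in the browser prompt
CREDENTIALS = {"alice": "correct horse"}  # constructed store; a real proxy would hold salted hashes


def basic_header(user, password):
    """Client side: the header a browser sends after the user fills in the prompt."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_proxy_authorization(header_value):
    """Return (user, password) from 'Basic <base64>' or None when absent or malformed."""
    if header_value is None:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None  # Basic credentials must contain a colon
    return user, password


def check_request(headers):
    """Proxy side: return (status, response_headers) for an outbound request.

    200 means the request may be forwarded; 407 carries the challenge that makes
    the browser prompt the user."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    creds = parse_proxy_authorization(lowered.get("proxy-authorization"))
    if creds is not None:
        user, password = creds
        expected = CREDENTIALS.get(user)
        # constant-time comparison so a wrong password costs the same as a right one
        if expected is not None and hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8")):
            return 200, {}
    return 407, {"Proxy-Authenticate": f'Basic realm="{REALM}"'}


if __name__ == "__main__":
    print(check_request({}))                                                       # challenge
    print(check_request({"Proxy-Authorization": basic_header("alice", "correct horse")}))  # allowed
```

Basic sends the credentials in clear (base64 is an encoding, not encryption), which is one reason the page's advice about the firewall having enough resources matters: if you move to a stronger scheme or put the proxy listener behind TLS, the per-request cost rises, and the proxy becomes a chokepoint for every outbound connection.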

For those who really want to make sure that only those who should be on the network are there, you can look at implementing IP Security (IPsec) on your network and requiring that a digital certificate be installed on any workstation trying to log on before the network will allow access. You can also look at doing network control with your switches by limiting access based on the media access control (MAC) addresses of known network devices. As I said at the start of this column, this is not a simple question to answer; you could write a book on this subject. But this should give you an idea of possible solutions to implement on your network.