Login    Forum    Search    FAQ

Board index » Upgrading and Repairing Forum » Network Hardware & Configuration




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Securing IP Addresses
 Post Posted: Thu Apr 19, 2007 12:53 pm 
Offline

Joined: Sun Feb 04, 2007 1:32 pm
Posts: 225
sir, i have a question. In our office, some computers have internet access
and some are not. Example sir, my computer doesn't have an internet access,
so what i do is that, i would change my ip address to those ip addresses that
has internet access. in short, i'm stealing their ip addresses whenever it is
possible, like when the owner/computer is still off.

my question is, how can i prevent it? is it possible to make that ip
address exclusively only to a certain computer? like for example, the ip
address 192.168.141.120 will only respond to a specific computer and not to
any other computer when being used. can the ip address use the mac address to
make that authentication possible?

i was searching for the answer in your upgrading and repairing networks but
couldn't find it. i read about DHCP, MMC snap in, is that the one? don't
worry about the procedure sir. it's ok if you don't have the time to explain
it specifically. just tell me sir if it's possible and where in OS or network
protocols i should concentrate or start.

Here is our network deployment:
we have over 400 computers. we're using windows 2000 advanced server. we 16
servers. a DHCP server. i'm not sure how they are connected specifically but
they are all connected. all our ip addresses starts at 192.168.x.x

I'm reading all your books sir. that's 3 books PC's, Networks & Servers.


Top 
 Profile  
Reply with quote  
 Post subject:
 Post Posted: Thu Apr 19, 2007 12:53 pm 
Offline
Site Admin

Joined: Sun Feb 04, 2007 11:44 am
Posts: 5773
Windows 2000 server and/or most routers contain a DHCP (Dynamic Host
Configuration Protocol) server, which if enabled will automatically assign a
unique IP address to a computer requesting one.

However it is also possible to set a specific IP address at a given computer
such that no DHCP request will be made, which is called a "static IP"
setting. This can be accomplished in Windows XP for example via the "Use the
following IP address:" setting under TCP/IP properties. You can see an
example of that at the bottom of the following page:
http://support.microsoft.com/kb/813940

It is possible to restrict internet access to or from specific IPs or MAC
addresses at the internet gateway or firewall, which is normally contained in
your router. Since a limited or standard user cannot change IP or MAC address
settings, they would therefore remain bound by any such restrictions that
were assigned.

Note however that a user with administrator rights *can* change both the IP
and/or MAC addresses on a system, thus potentially working around any such
restrictions. Therefore if you wish to enforce the restrictions, you should
insure that untrusted users have only limited or standard accounts.

A more powerful way to control or limit users and systems on a network is
available via the Microsoft Shared Computer Toolkit:
http://www.microsoft.com/windowsxp/shar ... fault.mspx

This is a free set of tools for securing, protecting and controlling systems
that might be used by untrusted users.

In larger network environments, you can also use Active Directory and Group
Policy for centrally managing users, groups, and restrictions. The Shared
Computer toolkit includes a Group Policy template to apply the same user
settings and restrictions centrally that the User Restrictions tool provides
for local user accounts. Scott.


Top 
 Profile  
Reply with quote  
 Post subject: IP
 Post Posted: Fri May 04, 2007 10:27 pm 
Offline

Joined: Fri May 04, 2007 10:17 pm
Posts: 1
Location: GALVESTON
Try to use a Router that locks down the MAC address that each port going to a PC uses so that if the user does change the MAC on the PC the connection fails between the router and PC. This makes more work for the network guys when the PC has a NIC card failure but it keeps users from moving the pc's around too or bringing in unknown PC's into the network. I like the packet fence software too for locking things down.


Top 
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
 
Post new topic Reply to topic  [ 3 posts ] 

Board index » Upgrading and Repairing Forum » Network Hardware & Configuration


Who is online

Users browsing this forum: No registered users and 1 guest

 
 

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron