  1. #1

    Rogue Devices

    I'm not after any institution's security secrets, just a 'you might want to look at...' sort of answer. Our resident 'power user' amongst the staff recently plugged in a machine of his own onto the network here and caused multiple duplicate IP warnings all over the place. This has led to a senior bod querying the 'security' of our network vis a vis 'rogue devices'. So, how do other places deal with this particular nugget? Managed switches tied to MAC addresses? Encrypting all network traffic? Is there a 'keep the senior bod happy' box I could buy and plug into the network? Any advice very gratefully received, as usual.

  2. #2

    plexer

    If your switches support it, you could do 802.1x authentication of your clients; this would prevent someone with their own laptop getting access.

    Or just have the person disciplined for it.

    Ben

  3. #3

    Geoff

    You can detect, isolate and disconnect devices based on policies with packetfence. I've posted in a number of threads about it. A forum search should reveal all; however, here's the main post I made.

    http://www.edugeek.net/index.php?nam...ewtopic&t=7650

    Also you should read the Registration and Remediation primer to get a full overview of what it can do and how it can do it.

    http://www.packetfence.org/dokuwiki/...diation_primer

  4. #4
    enjay

    I've reserved all IPs which we're not using in DHCP, so devices fail to connect to the network. It doesn't help if people have manually configured IPs which happen to fall in our range, but it's better than nothing.

    You could look at RADIUS, which basically does a MAC address check on any connected client; some managed switches can do this too.

  5. #5

    Thanks for the prompt replies! 802.1x was another possibility but the Microsoft site mentions quite a glaring vulnerability in that, apparently, you can plug a hub between an acceptable machine and the network which then gets authenticated, allowing anything on which plugs into that hub.

    Obviously nothing's going to be 100%, I suppose it depends on how 'risk averse' your senior bod is! Anyway, will investigate packetfence and thanks once again for the replies. Any more very gratefully received!

  6. #6
    mark

    Exclusive DHCP Reservations (100% of DHCP PC IP addresses entered as static reservations) is the quickest, easiest way I believe; although not _really_ secure, it may do what you need. The reservations are tied to MAC addresses, so just having a matching IP doesn't get you connected.
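
The gap enjay and mark describe, a manually configured address that never asks DHCP for anything, can be watched for by comparing what is actually seen on the network with the reservation list. This is an added example, not code from any poster in this thread; the reservation list, the sightings and the finding names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed DHCP reservations: MAC -> reserved IP (sample values).
RESERVATIONS = {
    "00:16:3e:00:00:0a": "10.1.0.10",
    "00:16:3e:00:00:0b": "10.1.0.11",
}

# Constructed sightings, one "IP MAC" pair per line, as gathered by polling
# ARP or switch forwarding tables over time.
SIGHTINGS = """\
10.1.0.10 00:16:3E:00:00:0A
10.1.0.11 00-16-3e-00-00-0b
10.1.0.11 02:aa:bb:cc:dd:01
10.1.0.50 00:16:3e:00:00:0a
"""

def norm_mac(mac):
    """Lower-case, colon-separated form so vendor formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(sightings, reservations):
    """Return sorted (finding, ip, mac) tuples for sightings that break the reservations."""
    reserved = {norm_mac(m): ip for m, ip in reservations.items()}
    macs_by_ip = defaultdict(set)
    findings = set()
    for line in sightings.splitlines():
        if not line.strip():
            continue
        ip, mac = line.split()
        mac = norm_mac(mac)
        macs_by_ip[ip].add(mac)
        if mac not in reserved:
            findings.add(("unregistered-mac", ip, mac))
        elif reserved[mac] != ip:
            findings.add(("ip-not-reserved-for-mac", ip, mac))
    # One IP answered for by several MACs is the duplicate-IP warning case.
    for ip, macs in macs_by_ip.items():
        if len(macs) > 1:
            findings.update(("duplicate-ip", ip, m) for m in macs)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SIGHTINGS, RESERVATIONS):
        print(*finding)
```

A device that copies both the MAC and the IP of a registered machine produces no finding here; that case is what the 802.1x and one-MAC-per-port settings discussed in the thread are for.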

  7. #7

    plexer

    As well as connecting a hub in the way, they have to set their rogue machine to have the same MAC and IP addresses as the authenticated one.

    Ben

  8. #8
    DMcCoy

    Quote: Originally posted by palmer_eldritch
        Thanks for the prompt replies! 802.1x was another possibility but the Microsoft site mentions quite a glaring vulnerability in that, apparently, you can plug a hub between an acceptable machine and the network which then gets authenticated, allowing anything on which plugs into that hub.

        Obviously nothing's going to be 100%, I suppose it depends on how 'risk averse' your senior bod is! Anyway, will investigate packetfence and thanks once again for the replies. Any more very gratefully received!

    Not if you don't allow more than one MAC on an interface. I can configure procurves to allow only the first MAC address detected, and as a hub cannot authenticate then it will not be authorized in the first place!

    At least that's the theory, full details after the summer

  9. #9
    DMcCoy

    Quote: Originally posted by plexer
        As well as connecting a hub in the way, they have to set their rogue machine to have the same MAC and IP addresses as the authenticated one.

        Ben

    To do this with the 802.1x config I'm looking at, the port will need to be physically disconnected to swap, unauthorising the previous machine and requiring a new authentication session.

  10. #10

    plexer

    The idea behind it is that you have a valid machine that can login.

    You temporarily disconnect it and put a hub in between the victim and the network.

    You then plug your laptop in with the same IP and MAC as the victim and when the victim reauthenticates you will have access to the network.

    So it does require physical access and how many teachers are going to be able to pull this off from a technical point of view anyway?

    Ben

  11. #11

    Geoff

    This isn't an issue if you use packet fence.
