Wireless Networks Thread, Features of new switches in Technical
  1. #16

    Geoff

    Re: Features of new switches

    > Whatever you mean by "making each server secure" it won't protect you against people plugging their own virus-infected hacking-tool-equipped laptops to the network. If I had the money for it, full RADIUS would be a must for me.

    What? RADIUS doesn't prevent that. It prevents random kids from plugging their £299 PC World laptop in. It doesn't stop a member of staff plugging in their virus laden work laptop in after bringing it back from their holiday in the south of France (damn those open access hotel networks).

    What you want to stop that, is NAC.

  2. #17

    localzuk

    Re: Features of new switches

    Quote Originally Posted by Geoff
    > > Whatever you mean by "making each server secure" it won't protect you against people plugging their own virus-infected hacking-tool-equipped laptops to the network. If I had the money for it, full RADIUS would be a must for me.
    >
    > What? RADIUS doesn't prevent that. It prevents random kids from plugging their £299 PC World laptop in. It doesn't stop a member of staff plugging in their virus laden work laptop in after bringing it back from their holiday in the south of France (damn those open access hotel networks).
    >
    > What you want to stop that, is NAC.

    I think the key word in his post was own. Which is exactly what you just said.

  3. #18
    enjay

    Re: Features of new switches

    Quote Originally Posted by Geoff
    > > Whatever you mean by "making each server secure" it won't protect you against people plugging their own virus-infected hacking-tool-equipped laptops to the network. If I had the money for it, full RADIUS would be a must for me.
    >
    > What? RADIUS doesn't prevent that. It prevents random kids from plugging their £299 PC World laptop in. It doesn't stop a member of staff plugging in their virus laden work laptop in after bringing it back from their holiday in the south of France (damn those open access hotel networks).
    >
    > What you want to stop that, is NAC.

    Our teachers don't have laptops, so RADIUS would protect us just fine - any laptop is a rogue here!

  4. #19

    dhicks

    Re: Features of new switches

    Thanks for the advice about the cables, I'll probably get the contractor to put four strands of fibre in just to be on the safe side!

    > Whatever you mean by "making each server secure" it won't protect
    > you against people plugging their own virus-infected
    > hacking-tool-equipped laptops to the network. If I had the money for it,
    > full RADIUS would be a must for me.

    A quick Google/Wikipedia check tells me that RADIUS is a protocol to authenticate a user/device before it is allowed to use a network. Pupils and staff can bring their own machines in to connect to our network and can install whatever software they like on them, so I don't think such an authentication scheme is going to be much help.

    Our switches will be arranged in a star topology, connected by some kind of backbone (probably a 2Gbps copper/fibre backbone created by duplexing together several ports on some of the switches). A pupil could connect to a network port and analyse any traffic they can see going through that port. Surely this would just be traffic to their own machine and any broadcast packets that get sent around the whole network? If I understand correctly, the only way for them to see any other network traffic would be to break into one of the managed backbone switches or place a physical network tap on a cable somewhere.

    Naturally, a pupil could try and break into a server by finding out a password or exploiting a security hole. I could get the anti-virus package to scan for things like keyboard loggers to stop password capture, and make sure that the servers are up-to-date with the latest patches. Do I understand this all correctly, or are there other cracking tools/methods I need to be aware of?

    --
    David Hicks
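
The port-visibility question in the post above can be checked against a minimal model of a MAC-learning switch. This is an added example, not part of the thread and not any vendor's firmware; the port numbers, MAC addresses and frames are constructed.

```python
"""Minimal model of a MAC-learning Ethernet switch (illustrative only;
ports, MAC addresses and frames below are constructed sample data)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Learn the sender's port, then return the ports the frame leaves on."""
        self.mac_table[src] = in_port
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]
        # Broadcast, or a destination the switch has not learned yet:
        # the frame is flooded out of every other port.
        return [p for p in self.ports if p != in_port]

def frames_seen_on(port, frames, ports=(1, 2, 3, 4)):
    """Return the (src, dst) pairs that the switch delivers to `port`."""
    sw = LearningSwitch(ports)
    seen = []
    for in_port, src, dst in frames:
        if port in sw.forward(in_port, src, dst):
            seen.append((src, dst))
    return seen

# Constructed layout: server on port 1, teacher PC on port 2, pupil laptop on port 3.
SERVER, TEACHER, PUPIL = "aa:00:00:00:00:01", "aa:00:00:00:00:02", "aa:00:00:00:00:03"
UNKNOWN = "aa:00:00:00:00:09"        # a MAC the switch has never seen
FRAMES = [
    (3, PUPIL, BROADCAST),    # pupil's own broadcast: flooded to the other ports
    (2, TEACHER, BROADCAST),  # teacher's broadcast: flooded, so port 3 sees it
    (1, SERVER, TEACHER),     # teacher already learned: leaves on port 2 only
    (2, TEACHER, SERVER),     # server already learned: leaves on port 1 only
    (1, SERVER, PUPIL),       # unicast to the pupil: leaves on port 3 only
    (2, TEACHER, UNKNOWN),    # destination not learned: flooded, port 3 sees it
]

if __name__ == "__main__":
    for src, dst in frames_seen_on(3, FRAMES):
        print(src, "->", dst)
```

On the pupil's port the model delivers broadcasts, unicast addressed to the pupil's machine, and frames for destinations the switch has not yet learned; the learned teacher/server conversation never appears there.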

  5. #20
    enjay

    Re: Features of new switches

    Quote Originally Posted by dhicks
    > I could get the anti-virus package to scan for things like keyboard loggers to stop password capture, and make sure that the servers are up-to-date with the latest patches.

    Suppose someone connects a laptop infected with a virus which goes looking for other hosts to infect. Would the management on your £150 switch act quick enough to shut that port out before it had dragged the network to a halt? (That question would also apply to faulty NICs, but that's nothing to do with RADIUS, so we'll leave that where it is for now.)

    Quote Originally Posted by dhicks
    > If I understand correctly, the only way for them to see any other network traffic would be to break into one of the managed backbone switches

    That would be correct.

    To be honest, your network sounds reasonably secure; it would be more secure with RADIUS of course, but whether or not to get the more expensive switches with that comes down to whether you feel the risk is worth the financial saving.

  6. #21

    dhicks

    Re: Features of new switches

    > Suppose someone connects a laptop infected with a virus which goes
    > looking for other hosts to infect. Would the management on your £150
    > switch act quick enough to shut that port out before it had dragged the
    > network to a halt? (That question would also apply to faulty NICs, but
    > that's nothing to do with RADIUS, so we'll leave that where it is for now.)

    Actually, I think so, yes. The Dell 2724s support broadcast storm control, which would seem to be the feature to have to stop this kind of thing. This, of course, assumes that all our machines are up-to-date with patches and so forth and it'll just be the occasional pupil's machine that winds up getting infected with anything.

    --
    David Hicks
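
A generic model of per-port broadcast storm control, showing what the feature mentioned above does and does not count. This is an added example, not from the thread and not Dell's implementation; the 100 frames/s limit, the port numbers and the traffic are constructed assumptions.

```python
from collections import defaultdict

def storm_control(frames, limit_per_sec):
    """Apply a per-port broadcast limit in fixed one-second windows.

    frames: iterable of (timestamp_seconds, port, is_broadcast).
    Returns (forwarded, dropped): dicts mapping port -> frame count.
    """
    window_count = defaultdict(int)   # (port, second) -> broadcasts seen so far
    forwarded, dropped = defaultdict(int), defaultdict(int)
    for ts, port, is_broadcast in frames:
        if not is_broadcast:
            forwarded[port] += 1      # unicast is not counted by this feature
            continue
        key = (port, int(ts))
        window_count[key] += 1
        if window_count[key] <= limit_per_sec:
            forwarded[port] += 1
        else:
            dropped[port] += 1        # over the threshold for this second
    return dict(forwarded), dict(dropped)

def constructed_traffic():
    """Two seconds of sample traffic (constructed, not captured)."""
    frames = []
    for second in (0, 1):
        # Port 5: ordinary PC, 3 broadcasts and 10 unicast frames per second.
        frames += [(second + i / 10, 5, True) for i in range(3)]
        frames += [(second + 0.5, 5, False) for _ in range(10)]
        # Port 7: misbehaving machine, 500 broadcasts per second.
        frames += [(second + i / 1000, 7, True) for i in range(500)]
    return frames

if __name__ == "__main__":
    fwd, drp = storm_control(constructed_traffic(), limit_per_sec=100)
    for port in sorted(fwd):
        print(f"port {port}: forwarded={fwd[port]} dropped={drp.get(port, 0)}")
```

The limiter caps the noisy port at the threshold each second and leaves the ordinary port untouched, but it only counts broadcast frames, so patching and the other controls discussed in the thread still matter.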
