Wireless Networks Thread, IPSec in Technical; I was reading some whitepapers the other day of Microsoft’s web site about IPSec and wondered if it would be ...
22nd October 2006, 10:59 PM #1
I was reading some whitepapers the other day of Microsoft’s web site about IPSec and wondered if it would be a good way to stop LAN side attacks / unwanted student laptops gaining access to vulnerable services by just jacking in to a RJ45 point. Now we haven’t had any issues yet but I don’t want it to happen on my watch so to say, and just wondered if anyone had implemented this before, what the pitfalls are.
For ref we have 5 W2k3 servers all R2 and all clients are XP or W2K. Oh yeah and a couple of HP PDAs running Windows Mobile 2003
23rd October 2006, 08:33 AM #2
I looked at this before, but it seems that Microsoft's implementation of IPSec doesn't seem to support DC-DC or DC-Client communication.
23rd October 2006, 08:56 AM #3
By definition IPsec works at layer3. In addition to this, security on the switches should be enabled - each port associated with a MAC address would prevent unknown laptops from connecting to the network.
23rd October 2006, 05:05 PM #4
Have a look at 802.1X authentication if you want to prevent people connecting random devices to your LAN. It works the same way as WPA with wireless access points using Radius (IAS in windows speak). Your switches need to support radius authentication however.
23rd October 2006, 06:03 PM #5
I agree with Geoff, 802.1x is ideal for this and i think its developed for situations like this.
24th October 2006, 11:05 PM #6
Thanks Guys I’ll have a look at 802.1x I just upgraded my switches last summer to Netgear Layer2 Managed switches... so I hope they support it... otherwise its a non starter cause I’m not replacing them this year
By Norphy in forum Wireless Networks
Last Post: 22nd June 2007, 03:13 PM
By ITWombat in forum Wireless Networks
Last Post: 25th September 2006, 10:35 PM
By browolf in forum Wireless Networks
Last Post: 16th December 2005, 04:18 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)