  1. #1

    Securing Wired Network

    I am currently looking at upgrading the network switches at our school. We have multiple buildings, all connected to the central server room through a fiber optic network. The server room has multiple Windows Server 2008 servers. Presently, all of our switches are unmanaged. I am planning to begin swapping the main switches for each building soon with a "web smart" switch (D-Link DGS1224TP). This switch says it supports 802.1x port based access control. I am looking at POE switches for a future VOIP phone system and for access points.

    My long term goal is to secure our wired network so that only networked devices with MAC addresses included on some type of "allow" list are allowed to connect (mainly to prevent students from connecting laptops). The problem is that a number of our classrooms have small unmanaged 8 port switches (specifically the D-Link DGS2208 switch). This seems to make securing the wired network more difficult. (I know that MAC addresses can be spoofed, I am mainly trying to make it more difficult for the average user to connect to the wired network).

    My other long term goal is to install Ruckus wireless, with two SSIDs--one for students/teaching staff that allows access to internet only; and one for techs that allows access to internet and local network. I am hoping to setup Ruckus so that no type of MAC "allow" list is needed for wireless access, unlike the wired network.

    Does anyone have any tips on how I might be able to secure this wired network setup? I had looked a little at Windows Server 2008 NAP and Packetfence, but was unsure if either of these are the best solution, and if they would negatively affect what I am trying to do with Ruckus. Ideally I would have managed switches everywhere, but our funds are very limited.

    Thanks for any advice!

  2. #2

    The best way by far is to secure everything with 802.1x authentication via your switches. Normally authenticating client certificates against a RADIUS server. Seems like you've been thinking of this already (plenty of info via a search, and MS page here http://www.microsoft.com/DOWNLOADS/d...displaylang=en). An interim might be this How to Filter MAC Address with Windows Server 2003/2008 DHCP Server Callout DLL (credit to AngryITGuy for that one). I really would replace those 8 port switches. There are some just web based managed switches out there that are cheap(ish), but I don't know how limited funds are...

    Other things to consider would be physical deterrents... PANDUIT|PSL-DCJB|RJ45 BLOCKOUT, X10 AND TOOL, RED | CPC work fairly well to block off spare network ports, but are a bit expensive if you've got lots of ports. Lots of people on these forums suggest snipping off the very end of the RJ45 "clip" so that it makes it hard for anyone without a small screwdriver to unplug a machine from the network (to plug their own in). You can also disable unused ports on your switches, a compromise between leaving them wired up and ready and being a risk, although I doubt that's an option for your little 8 port ones.
    Last edited by Chillibear; 20th February 2010 at 08:33 AM. Reason: tidy up

  3. Thanks to Chillibear from:

    netadmin (24th February 2010)

  4. #3

    SYNACK
    Both NAP and packetfence should do this for you as long as your clients are Windows XP SP3 or above and should not affect a future wireless setup as long as it is on a separate network segment (VLAN).

  5. Thanks to SYNACK from:

    netadmin (24th February 2010)
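
An added example, not part of any post in this thread: the MAC "allow" list from the first post can be audited offline against a managed switch's MAC address table. The check flags addresses that are not on the list and ports that carry more MACs than expected, which is how a classroom's unmanaged 8 port switch appears from the upstream port. The `port mac` input format, the port numbers and every address are constructed for the example.

```python
# Added example: audit a switch MAC-table export against an allow list.
# The "port mac" line format and all addresses below are constructed.
import re
from collections import defaultdict

def normalize_mac(raw):
    """Reduce 00-1A-.., 00:1a:.. or 001a.2b.. to 12 lowercase hex digits."""
    mac = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    return mac

def audit(table_text, allowed, max_macs_per_port=1, shared_ports=()):
    """Return (unknown, crowded).

    unknown: {port: [MACs seen on the port that are not on the allow list]}
    crowded: {port: MAC count} for ports above max_macs_per_port, except
             ports in shared_ports (documented downstream switches).
    """
    allowed = {normalize_mac(m) for m in allowed}
    seen = defaultdict(set)
    for line in table_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        port, raw_mac = line.split()
        seen[port].add(normalize_mac(raw_mac))
    unknown = {p: sorted(m - allowed) for p, m in seen.items() if m - allowed}
    crowded = {p: len(m) for p, m in seen.items()
               if len(m) > max_macs_per_port and p not in shared_ports}
    return unknown, crowded

SAMPLE_TABLE = """
# port  mac   (constructed data)
1   00-1A-2B-00-00-01
2   00:1a:2b:00:00:02
3   001a.2b00.0003      # classroom drop feeding an unmanaged switch
3   00:1A:2B:00:00:04
3   02:00:00:AA:BB:CC   # not on the allow list
4   00:1a:2b:00:00:05
4   00:1a:2b:00:00:06   # second device on a single-device port
"""
ALLOWED = [f"00:1a:2b:00:00:{i:02x}" for i in range(1, 7)]

if __name__ == "__main__":
    unknown, crowded = audit(SAMPLE_TABLE, ALLOWED, shared_ports={"3"})
    print("unknown MACs by port:", unknown)
    print("ports over the MAC limit:", crowded)
```

Ports named in `shared_ports` are exempt only from the per-port count; their addresses are still checked against the allow list.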
