'RE: Deny client from obtaining IP address'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    RE: Deny client from obtaining IP address
From:       "Anderson, Greg" <Greg.Anderson () qwest ! com>
Date:       2006-07-31 19:52:53
Message-ID: 356AD3C306B1F947961D1E6B7AB229C20126F4A4 () qtdene2k3m02 ! AD ! QINTRA ! COM
[Download RAW message or body]

Yep, I use this technology and or methodology built into a product
called Symantec/ SPM5 formally known as Sygate.

-----Original Message-----
From: Balaji Prasad [mailto:bpmlist@sonic.net] 
Sent: Monday, July 31, 2006 10:41 AM
To: 
Subject: Re: Deny client from obtaining IP address


Rolando:
  The functionality that you are requesting falls in a new breed of
products that use a concept called Network Admission Control or Unified
Access Control. This forms the layer 2 component of the above, where the
authentication is done using 802.1x protocols, subsequent to which the
host is authorized to access the LAN It must be noted however that the
client will need an IP address to get authorized, but it wont be able to
access the network. The auth can be hooked up with AD or Radius as you
please. All major players, Symantec Juniper and Cisco have products in
the market or the pipeline.

- Balaji

> Nathan Sportsman#>
> I believe the only way you can configure a DHCP server to ignore 
> DHCPDISCOVER broadcasts is to setup restrictions by MAC address (which

> can be spoofed). I do not see how you can restrict IP leasing via 
> Active Directory user authentication. You can restrict other network 
> resources until authentication has occurred via AD, but the client 
> system must already have an IP for this communciation to occur. 
> Meaning the DHCP server has already been solicited and assigned an IP.
>
> Thanks
> Nathan
>
> On 7/27/06, rolando_ruiz@jetaviation.com 
> <rolando_ruiz@jetaviation.com>
> wrote:
>> Hello all,
>>
>> Is there a way that in DHCP or so, one can deny a client computer 
>> from obtaining an IP address? We use Microsoft servers ADS 
>> environment and I'd like to allow only those we want to obtain an IP 
>> address. I don't want to make it too restricted where authorized 
>> users are unable to connect. I'm sure there are some 3rd party apps 
>> that can handle this and I welcome suggestions on those also. This is

>> a solution for denying connectivity to outsiders.
>>
>> Thank you
>>
>>
>>
>> ---------------------------------------------------------------------
>> ------
>> This list is sponsored by: Norwich University
>>
>> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA 
>> has designated Norwich University a center of Academic Excellence
>> in Information Security. Our program offers unparalleled Infosec
>> management
>> education and the case study affords you unmatched consulting
>> experience.
>> Using interactive e-Learning technology, you can earn this esteemed
>> degree,
>> without disrupting your career or home life.
>>
>> http://www.msia.norwich.edu/secfocus
>> ---------------------------------------------------------------------
>> ------
>>
>>
>
> ----------------------------------------------------------------------
> -----
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has

> designated Norwich University a center of Academic Excellence in 
> Information Security. Our program offers unparalleled Infosec 
> management education and the case study affords you unmatched 
> consulting experience. Using interactive e-Learning technology, you 
> can earn this esteemed degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ----------------------------------------------------------------------
> -----
>
>



------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic