Re: Who is connected to network

["Alexander E. Belck" <alexb@atix.com.br>]

Can you give some more tips how you setup the VPN ?
What kind of VPN you use. Do you have a IPsec server our PPTP ?
Who establish the VPN at the client side, is it the wireless client or a
host/router behind it ?

Thanks,

Alex

Em Qua 05 Jan 2005 14:38, Michael Balasko escreveu:
> Currently we have coded something in house that scrubs all the
> connectivity devices for the mac addresses and will email us when an
> unauthorized device shows up on the network (All Cisco gear). There is
> work in progress to expand this to automatically clip the port and fire
> off a series of emails and other actions.  Additionally, all of the
> ports on the switches are configured to allow only one device into a
> port, so it would be very difficult to drop a hub in place and start
> sniffing. There are also a few other tricks in place to prevent man in
> the middle attacks and a few other exploits.
>
> As far as the wireless stuff goes, it would be amazingly difficult but
> not impossible to get it right. Our AP's will not allow authentication
> without the client mac being pounded into our ACS servers.(MAC spoofing
> isn't all that hard, but) Also the AP's don't broadcast the
> SSID's(fairly easy to get around). In the case that someone gets the
> first two right, they need to then figure out the name of the VPN
> servers. We do not allow any type of access from the AP's without a VPN
> session established. Then they need to get the VPN settings right and
> also need to have a user account comprised that had VPN access. Not
> impossible, but quite difficult for someone to do without making any
> "noise" that we would be alerted on.  At that point the access lists on
> the AP's keep you from really touching any of the gear that would hurt us.
>
> All that being said there are million of exploits out there and lots of
> tools, but we feel that we have a fairly good system in place to deter
> all but the very skilled and very determined person out there.
>
> Hope that provides a bit of info you were looking for. Feel free to ask
> any ?'s if you have any.
>
> Mike Balasko
> Network Specialist II
> City of Henderson
>
> it clown wrote:
> >Is there a way to see who is connected to your network.
> >
> >Say if you have a wireless network and you need to know if
> >someone got it right to get onto your network.
> >
> >How do you monitor that and how do you prevent it?
> >
> >Even on a normal network how could you monitor who is
> >connected to your network?
> >
> >Regards
> >_____________________________________________________________________
> >For super low premiums, click here http://www.dialdirect.co.za/quote