MAC Address Monitoring
- Thread starter howler
- Start date
Associate
- Joined
- 8 Jan 2009
- Posts
- 513
Sounds like you want to identify rogue machines on your network? or lock it down?
I manage this from another angle, IP addresses are only given to machines whose mac addresses are in an approved list. We use InfoBlox for this, which isn't cheap. But it can be achieved with standard DHCP by assigning a specific IP address to a mac address.
Don't know if that helps
I manage this from another angle, IP addresses are only given to machines whose mac addresses are in an approved list. We use InfoBlox for this, which isn't cheap. But it can be achieved with standard DHCP by assigning a specific IP address to a mac address.
Don't know if that helps
I need to see if someone plugs in an unrecognised machine, I don't really want to spend loads of money on a tool to do as it is pretty unlikely to happen in our small office but it is something we need to be aware of
We don't use Sophos AV so no NAC
Does 2008 server have NAC built in?
We don't use Sophos AV so no NAC
Does 2008 server have NAC built in?
Associate
- Joined
- 8 Jan 2009
- Posts
- 513
I believe there are some open source NAC solutions, not sure how good they are though.
Server 2008 has Network Access Protection (NAP)
Server 2008 has Network Access Protection (NAP)
Associate
- Joined
- 29 Nov 2007
- Posts
- 513
theres a mac trackmodule in Cacti that we use. it periodically queries the network switches via snmp and keep a database of what port they are on etc and also you can do alerting for specific Macs
if needed i reakon we could get it to trigger an action to connect to the relevent switch port and shut it down if needed.
we mainly use it to track down rouge dhcp servers that average 1 per year.
if needed i reakon we could get it to trigger an action to connect to the relevent switch port and shut it down if needed.
we mainly use it to track down rouge dhcp servers that average 1 per year.
Associate
- Joined
- 8 Jan 2009
- Posts
- 513
As I said earlier, you could do this purely from DHCP by assigning static IP addresses to your machines and setup exclusions. If you have a small number of machines this is quiet manageable - I have 600ish I manage this way. But it depends how secure you want to be, for me this is enough, our students are barely computer literate 
An attacker would have to steal an IP address from a machine and set it statically or spoof a MAC to get access to the network.
You could also setup something like Cacti monitoring MAC addresses as an extra precaution
An attacker would have to steal an IP address from a machine and set it statically or spoof a MAC to get access to the network.
You could also setup something like Cacti monitoring MAC addresses as an extra precaution
Soldato
- Joined
- 17 Oct 2002
- Posts
- 3,941
- Location
- West Midlands
Have you considered DHCP Snooping? That is if your switches support it?
http://en.wikipedia.org/wiki/DHCP_snooping
http://en.wikipedia.org/wiki/DHCP_snooping