Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Scan for "outsider" Pcs on network

from [Derek Schatz] Network Security [Permanent Link]
Subject: RE: Scan for "outsider" Pcs on network
Date: Wed, 13 Sep 2006 19:48:02 -0400 
Well, instead of a reactive approach of detecting them, why not use a 
preventive approach based on 802.1x at the switch?  A bit of work up front, 
requires your switches to support it, and also requires an authentication 
infrastructure on the back end... but once in place, prevents anyone from 
getting a layer 2 connection without authenticating first.

Derek

---- Gadi Evron <ge@linuxbox.org> wrote: 

=============
I think it depends on what the guy wants.

If all he wants is to find out when new machines show up, the better VA
products can certainly help.
In networks where it's all laptops, without domain/LDAP/similar
integration that simply won't do much good.

If he is interested in more control, he needs a strict network as you
suggest. With physical access it won't prevent people from plugging in if
they really want to, but it would give him more control.

It would also make his life living hell to maintain that network as
functional.

Higher level policy maintenance such as a domain could help, to a level,
if you enforce it.

All that noted, are you following netflows?

        Gadi.

On Mon, 11 Sep 2006, Robert D. Holtz - Lists wrote:


If security is paramount then you would want to setup your switching fabric
to perform MAC based restrictions by port.  This is one of the best ways of
making sure you know what's hooked up.  Anyone just trying to hook up to a
port will get nowhere.

Of course, this doesn't prevent someone from going up to a machine that's
already allowed on the 'net and doing what ever they please.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Lim Ming Wei
Sent: Saturday, September 09, 2006 5:08 AM
To: dhamm@jackofallgames.com; focus-ids@securityfocus.com
Subject: RE: Scan for "outsider" Pcs on network

I come across a program call air-snare that is able to detect that.  But you
will need to have a list of all your systems mac address.  It is like an IDS
program.  I believe that most of the IDS program is able to do that.


-----Original Message-----
From: dhamm@jackofallgames.com [mailto:dhamm@jackofallgames.com] 
Sent: Friday, March 03, 2006 7:48 AM
To: focus-ids@securityfocus.com
Subject: Scan for "outsider" Pcs on network

Is there a way to setup a scan and be notified of an intruding pc that is
physically plugged into the network? When you have an enviroment with a
large amount of network jacks, it's hard to make sure the ones no longer in
use are turned off, and that no "visitors" have sat down to use your network
connections, esp. if you have a large amount of contractors in and out. It
got me to searching the net, and so far I have found one cemmercial product
that can do it, but nothing else. Any suggestions?

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in
tro_sfw 
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Scan for "outsider" Pcs on network, Chris Umphress
Next by Date:  Re: IDS testing tools, Akira Matsuno
Previous by Thread:  Re: Scan for "outsider" Pcs on network, Stefano Zanero
Next by Thread:  RE: Scan for "outsider" Pcs on network, Waters, Chris
Indexes:  [Date] [Thread] [Top] [All Lists]