Network Security Focus-Linux

RE: Network "Change Management"

Subject: RE: Network "Change Management"
Date: Thu, 16 Sep 2004 14:04:19 -0400
> Does anyone know of a Linux utility that can watch the MAC
> address tables in Cisco switches and alert admins as to when
> a new device has been plugged in?

I'm not aware of a utility to do that specifically, but if you know a
little Perl, Net::Telnet::Cisco can be great for things like this. Just
pull the entries out of the switch, read them into a database regularly
and generate some sort of alert condition if there are changes.
 
> Basically, we have your standard client network with DHCP.
> Internet access is restricted to authenticated users, and so
> are the file shares.
> However, we've had a few instances where people just plug in
> their personal laptops which makes me very worried...

My first recommendation here would be to have MAC address authentication
set up on your DHCP server. I believe ISC's dhcpd supports this. That'll
prevent clueless users from getting a DHCP lease without clearing it
with you first. Your next concern is the clueful user who sees what
subnet his legitimate workstation is on, pings around for a free IP
address and assigns it to his laptop. To prevent that sort of situation,
I'd recommend using MAC ACLs on your switches. That way even if someone
does find a free address and assign it to an unauthorized device, their
frames will never make it past the switch port they're on.

- Darrell
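
The polling approach suggested in the reply (pull the MAC table, store it, alert on changes), sketched as an added example that is not part of the original message and is written in Python rather than the Perl the reply mentions. It assumes the switch output has already been fetched as text in the style of Cisco IOS `show mac address-table`; the sample output, the `seen` table and all function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample output in the style of Cisco IOS "show mac address-table".
POLL_1 = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    00aa.bbcc.ddee    DYNAMIC     Fa0/2
"""
POLL_2 = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    00aa.bbcc.ddee    DYNAMIC     Fa0/7
  10    0de0.ad00.beef    DYNAMIC     Fa0/3
"""

# vlan, dotted-hex MAC, entry type, port; header and ruler lines do not match.
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Return {mac: port} for dynamically learned entries only."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            entries[m.group(2).lower()] = m.group(4)
    return entries

def open_db(path=":memory:"):
    """Open the baseline store (hypothetical schema: one row per switch and MAC)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS seen "
               "(switch TEXT, mac TEXT, port TEXT, PRIMARY KEY (switch, mac))")
    return db

def record_poll(db, switch, text):
    """Store one poll; return alerts as (kind, mac, old_port, port) tuples."""
    alerts = []
    for mac, port in sorted(parse_mac_table(text).items()):
        row = db.execute("SELECT port FROM seen WHERE switch=? AND mac=?",
                         (switch, mac)).fetchone()
        if row is None:
            alerts.append(("new", mac, None, port))        # never seen on this switch
        elif row[0] != port:
            alerts.append(("moved", mac, row[0], port))    # known MAC, different port
        db.execute("INSERT OR REPLACE INTO seen VALUES (?, ?, ?)", (switch, mac, port))
    db.commit()
    return alerts
```

The first poll against an empty database reports every entry as new, so it serves as the baseline to review once; later polls report only additions and port moves.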
