Answer the question
In order to leave comments, you need to log in
I
I
I_AM_SHEF2019-08-19 20:29:09
I_AM_SHEF, 2019-08-19 20:29:09
How to properly configure AD network security?
We have an AD+DHCP+DNS server, the gateway is Squid (MikroTik is in front of it).
Please tell me how to protect the domain network from people who can simply plug their PC (or via WiFi) into an Internet outlet and access the network?
As an option - you can give everyone the address statically with binding to the MAC, but I think there is something like arp-tables protection?
Thank you!
2 answer(s)
@Fanta
@tsklab
I was kidding like this: for the left MAC, I gave out addresses via DHCP, which the router closed on itself.
S
Sasha Odarchuk, 2019-08-19 @Fanta
at least block unused ports on switches (it won’t help with Wi-Fi),
as an option on ports, raise port security, but again, it won’t help with Wi-Fi
Stops using 802.1x :)
K
Konstantin Tsvetkov, 2019-08-19 @tsklab
your PC (either via WiFi) to an internet outlet and access the network?It will get an IP on your network, but not access. The computer is not in the domain. Prevent the local administrator from entering the domain. Disable direct internet access. Do not process untrusted computers on the proxy server.
I was kidding like this: for the left MAC, I gave out addresses via DHCP, which the router closed on itself.
Similar questions
K
G
I
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question