[ale] OT: laptops on a network, security

Jonathan Rickman jonathan at xcorps.net
Fri May 30 09:43:26 EDT 2003 

On Fri, 30 May 2003, J.M. Taylor wrote:


> 2) what are the risks I'm not thinking of in this situation? ie, what do
> I need to think of securitywise that normal precautions taken in a
> computer lab can't cover (since the computer lab is a controlled OS, and
> the laptops would not be).  I recognize that our options are very
> limited, and that from a security perspective the outlook is pretty
> grim.

It is indeed grim, and reducing the risks will increase the costs
associated significantly. There are folks out there who design networks
like this from the ground up every day and are much better at this sort of
thing than I am. Maybe there's one on the list.

> 3) Are there any technologies (such as RADIUS, of which I know next to
> nothing of its capabilities) that I should be acquainted with that will
> limit network access to authorized users, but not be machine-based?

As Bob pointed out, user authentication will accomplish very little. What
you need is a method for authenticating machines. This is not impossible,
but is impractical in most cases. The U of U solution mentioned earlier
probably comes as close to accomplishing this as anything I can think
of off the top of my head...taking cost into consideration of course.

> I'm not in charge of this project, so a laundry list of further research
> would be wonderful. I've never had any experience with this type of
> network, so I don't even know what questions to ask (fortunately, I'm
> not in charge of this project).  Thanks to all for the responses (and
> the more interesting ways of dealing with repeat offenders!!).



Resources...

http://standards.ieee.org/getieee802/download/802.1X-2001.pdf
http://www.ietf.org/internet-drafts/draft-ietf-pana-pana-00.txt
http://www.toshiba.com/tari/pana/pana-faq.txt
http://standards.ericsson.net/lists/ietf-send/msg00070.html
http://www.ietf.org/proceedings/01mar/slides/burp-1/tsld001.htm
http://www.open1x.org/


--
Jonathan Rickman
X Corps Security
http://www.xcorps.net



_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list