Options

Why can users access the internet ?

amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
in MCSA / MCSE on Windows 2003 General
We have a server 2003 domain at work

If a user who is not part of the domain enters the ip,gateway and dns in their network connection they can access the internet without joining the domain from a spare port on the router

Why is this allowed and how can it be stopped.


Any ideas


Thanks

:D
· Share on FacebookShare on Twitter

Comments

  • Options
    undomielundomiel Member Posts: 2,818
    It is happening below the domain level so having a 2003 domain doesn't really matter in this case. You would need to stop it at the router level. There are people more knowledgeable about routers than I out there so there may be a more elegant solution than this, but what you could do is block all internet access to all computers except for a proxy server which you then route everyone through and then distribute the proxy address through gpo.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
    · Share on FacebookShare on Twitter
  • Options
    Narendra Kumar PyneniNarendra Kumar Pyneni Member Posts: 2 ■□□□□□□□□□
    amitshah2003uk wrote:
    We have a server 2003 domain at work

    If a user who is not part of the domain enters the ip,gateway and dns in their network connection they can access the internet without joining the domain from a spare port on the router

    Why is this allowed and how can it be stopped.


    Any ideas


    Thanks

    :D
    in the router or switch that u are using, please config the MAC address of all the systems that belongs to your company. or limit the number of ips that you are allowing
    · Share on FacebookShare on Twitter
  • Options
    Mmartin_47Mmartin_47 Member Posts: 430
    Narendra Kumar Pyneni wrote:
    amitshah2003uk wrote:
    We have a server 2003 domain at work

    If a user who is not part of the domain enters the ip,gateway and dns in their network connection they can access the internet without joining the domain from a spare port on the router

    Why is this allowed and how can it be stopped.


    Any ideas


    Thanks

    :D
    in the router or switch that u are using, please config the MAC address of all the systems that belongs to your company. or limit the number of ips that you are allowing

    Yeah you can limit the DHCP scope... else check the router for MAC filtering as well. I use it at home for myself (wireless router).
    · Share on FacebookShare on Twitter
  • Options
    Tyrant1919Tyrant1919 Member Posts: 519 ■■■□□□□□□□
    Port security on the switches would keep people from randomly plugging into ports. Setting up a properly configured proxy would make sure only users that are authenticated on the domain could access the internet.
    A+/N+/S+/L+/Svr+
    MCSA:03/08/12/16 MCSE:03s/EA08/Core Infra
    CCNA
    · Share on FacebookShare on Twitter
  • Options
    IT ManIT Man Member Posts: 159
    You can try setting up 802.1x on the switch. It is alot more involved then port security but works great to prevent rouge devices from joining the network and accessing the internet.
    Shoot for the moon. Even if you miss, you'll still land among the stars. - Les Brown
    · Share on FacebookShare on Twitter
Sign In or Register to comment.