Why can users access the internet ?

amitshah2003uk

We have a server 2003 domain at work

If a user who is not part of the domain enters the ip,gateway and dns in their network connection they can access the internet without joining the domain from a spare port on the router

Why is this allowed and how can it be stopped.

Any ideas

Thanks

Find more posts tagged with

Comments

undomiel

It is happening below the domain level so having a 2003 domain doesn't really matter in this case. You would need to stop it at the router level. There are people more knowledgeable about routers than I out there so there may be a more elegant solution than this, but what you could do is block all internet access to all computers except for a proxy server which you then route everyone through and then distribute the proxy address through gpo.

Narendra Kumar Pyneni

amitshah2003uk wrote:

We have a server 2003 domain at work

If a user who is not part of the domain enters the ip,gateway and dns in their network connection they can access the internet without joining the domain from a spare port on the router

Why is this allowed and how can it be stopped.

Any ideas

Thanks

in the router or switch that u are using, please config the MAC address of all the systems that belongs to your company. or limit the number of ips that you are allowing

Mmartin_47

Narendra Kumar Pyneni wrote:

amitshah2003uk wrote:

We have a server 2003 domain at work

If a user who is not part of the domain enters the ip,gateway and dns in their network connection they can access the internet without joining the domain from a spare port on the router

Why is this allowed and how can it be stopped.

Any ideas

Thanks

in the router or switch that u are using, please config the MAC address of all the systems that belongs to your company. or limit the number of ips that you are allowing

Yeah you can limit the DHCP scope... else check the router for MAC filtering as well. I use it at home for myself (wireless router).

Tyrant1919

Port security on the switches would keep people from randomly plugging into ports. Setting up a properly configured proxy would make sure only users that are authenticated on the domain could access the internet.

IT Man

You can try setting up 802.1x on the switch. It is alot more involved then port security but works great to prevent rouge devices from joining the network and accessing the internet.