
Thread: Mystery Machine Invades Network?

  1. #31
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    jinxy

    That was my point.

    Obviously the guy has rights that maybe he shouldn't have??

    You can't just change a machine name without adding it into the domain...somehow

    MLF
    edit>

    sorry..looks like we were all posting at the same time.

    I would definitely heed advice given by phishphreek80

    How people treat you is their karma- how you react is yours-Wayne Dyer

  2. #32
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    he purchased that laptop for use at home and here
    I'm assuming he bought it with his own money. This may be a messy situation as telling users what they can and can't do with computers that they bought is never fun, "Oh by the way you can't have admin rights on your laptop anymore".

    In theory it's straightforward, "If you want to work here do as we say" but we all know how that's going to go over. Although you said he's on everyone's **** list so maybe it will make him quit.

    Good luck
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  3. #33
    I'm assuming he bought it with his own money. This may be a messy situation as telling users what they can and can't do with computers that they bought is never fun, "Oh by the way you can't have admin rights on your laptop anymore".
    That's exactly the issue. However, laptops that use wireless are not allowed to join the domain. They pick up the wireless connection for Internet usage, but have no access to local network resources.

    I've been thinking about breaking out network into subnets for a while now, and I just used this experience as a prime example to make the case for it to my boss. We also have a web server that I think should be sitting on a DMZ instead of right here on the main network with everything else.

  4. #34
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    this guy has a laptop running p2p. even if he doesn't p2p at work (which I'm hoping for your sake) he does at home then comes in and just connects!! does he know enough to keep your job?

    when you find some kids from SE Asia using your network for a playground or your email server winds up on a black-hole list and your network goes down with a virus you're the one that's going to take the heat. he should be coming to you for approval every time he wants to connect or just put the desktop back.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #35
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I've been thinking about breaking out network into subnets for a while now, and I just used this experience as a prime example to make the case for it to my boss. We also have a web server that I think should be sitting on a DMZ instead of right here on the main network with everything else.


    Tell your boss from me:-

    Everything that cannot be implicitly trusted must not be allowed on the trusted network... period. This includes services that are available to the public such as HTTP, SMTP, FTP etc. and laptops that are unable to restrict the user from altering the security settings set via policy by the IT department, (or the local geek in your case...). Entities such as that should be DMZed or placed outside the firewall and any access to the trusted network from them should be on a different service or, at a minimum, a different type of the service that requires an attacker to have two simultaneously unpatched exploits for different systems. Uncontrolled laptops should attach to the WAP and have to VPN into the trusted network under restricted conditions. The only exception I can think of for this is Outlook Web Access over SSL.... I still can't find a sensible solution for this that doesn't allow several critical ports to be opened from the DMZ to the trusted as opposed to the single port allowed directly through... What can I say? I'm an idiot....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
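
The segmentation policy described in post #35, as an added example that is not part of the thread: a small audit that checks a firewall rule list against the three conditions the post names. The zone names, the rule format, the service labels and the sample rules are all assumptions constructed for illustration.

```python
# Added example: zone names, rule format and service labels are assumptions.
from collections import namedtuple

Rule = namedtuple("Rule", "src dst service")  # every rule here is an ALLOW

VPN_SERVICES = {"vpn"}  # assumed label for the VPN endpoint service


def audit(rules):
    """Return (rule, reason) pairs for rules that break the policy in post #35."""
    # Services the DMZ exposes to the public side.
    public = {r.service for r in rules if r.src == "internet" and r.dst == "dmz"}
    findings = []
    for r in rules:
        if r.dst != "trusted":
            continue  # only traffic entering the trusted network is judged
        if r.src == "internet":
            findings.append((r, "public service hosted on the trusted network"))
        elif r.src == "wireless" and r.service not in VPN_SERVICES:
            findings.append((r, "uncontrolled laptop reaches trusted without VPN"))
        elif r.src == "dmz" and r.service in public:
            findings.append((r, "DMZ reaches trusted on a service it also exposes publicly"))
    return findings


# Constructed sample rule set (not taken from the thread).
SAMPLE = [
    Rule("internet", "dmz", "smtp"),
    Rule("internet", "trusted", "http"),   # web server on the main network
    Rule("dmz", "trusted", "smtp"),        # same service inbound and onward
    Rule("dmz", "trusted", "sql"),         # different service: passes this check
    Rule("wireless", "internet", "http"),  # Internet-only wireless use
    Rule("wireless", "trusted", "smb"),    # laptop talking straight to file shares
    Rule("wireless", "trusted", "vpn"),    # laptop coming in over the VPN
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE):
        print(f"{rule.src} -> {rule.dst} [{rule.service}]: {reason}")
```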
