
Application to Automatically Map Network and Notify About Rogue Hosts?

Subject Author Date
Application to Automatically Map Network and Notify About Rogue Hosts? Will 03-08-2008
Posted by Will on March 9, 2008, 2:27 pm
> > Does any vendor make an application that passively listens to all ethernet
> > segments on a computer, and then notifies the administrator if any
> > unauthorized IP or ethernet Mac address shows up on any segment? You would
> > obviously need to feed into such an application the IPs and Mac addresses
> > that are authorized for your network. But when a contractor shows up or
> > someone plugs in a new computer, the administrator would know about it the
> > instant it happens.
>
> One way I would like to address this requirement is at the switches/router.
> If they were configured with the allowed hosts, perhaps something more
> strong than just MAC/IP, and would for all other hosts send back indication
> of host unreachable for TCP and also forward copy of packet on to the local
> blackhole machine for all protocols.

My main requirement isn't to deny access to that traffic. My main
requirement is to get instant notification that such traffic exists. I
want to know about the behavior of people so that I can give them feedback
about what is acceptable and what is not. And if someone is acting really
outrageously I need to address that behavior.

--
Will
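
The passive check asked about in this thread, sketched as an added example (not code from any poster or vendor): it parses ARP frames seen on a segment and flags any sender whose MAC is not in the inventory, or whose IP differs from the one recorded for that MAC. The inventory, addresses, function names and sample frames are all constructed for illustration.

```python
import struct

# Constructed inventory of authorized hosts (MAC -> IP); replace with your own.
AUTHORIZED = {
    "00:11:22:33:44:55": "192.0.2.10",
    "00:11:22:33:44:66": "192.0.2.11",
}

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None  # too short or not ARP (VLAN-tagged frames are not handled)
    htype, ptype, hlen, plen = struct.unpack("!HHBB", frame[14:20])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet/IPv4 ARP is checked
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return mac, ip

def check_frame(frame, authorized=AUTHORIZED):
    """Return an alert string for an unauthorized sender, or None if it is fine."""
    parsed = parse_arp(frame)
    if parsed is None:
        return None
    mac, ip = parsed
    if mac not in authorized:
        return f"ROGUE HOST: unknown MAC {mac} claiming {ip}"
    if ip not in ("0.0.0.0", authorized[mac]):  # 0.0.0.0 is an ARP probe
        return f"IP MISMATCH: {mac} expected {authorized[mac]}, saw {ip}"
    return None

def build_arp(mac, ip):
    """Build a constructed ARP request frame to use as sample input."""
    m = bytes.fromhex(mac.replace(":", ""))
    i = bytes(int(p) for p in ip.split("."))
    eth = b"\xff" * 6 + m + b"\x08\x06"
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + m + i + bytes(6) + i

if __name__ == "__main__":
    samples = [
        build_arp("00:11:22:33:44:55", "192.0.2.10"),  # authorized host
        build_arp("de:ad:be:ef:00:01", "192.0.2.50"),  # newly plugged-in machine
        build_arp("00:11:22:33:44:66", "192.0.2.99"),  # known MAC, wrong IP
    ]
    for frame in samples:
        alert = check_frame(frame)
        if alert:
            print(alert)
```

ARP is only visible inside one broadcast domain, so a sensor of this kind is needed on each segment (or on a mirror port for it). A host that copies an authorized MAC and IP will pass this check.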



Posted by Kurt on March 10, 2008, 6:16 pm
Two ideas to consider: IPSec - ESP or NAP. Either one would allow you to
prevent those rogues from communicating with your managed hosts. Deploying
them together provides a high level of security, but even just using IPSec -
ESP with null encryption will provide a lot of protection for your hosts.

--
Regards,

Kurt Dillard

Want some good security information? Check out some of my recent work...
. NIST Special Publication 800-28 Version 2, Guidelines on Active Content
and Mobile Code (reviewer):
        http://csrc.nist.gov/publications/PubsSPs.html#800-28_Version2
. Windows Server 2008 Security Resource Kit (coauthor):
        http://www.microsoft.com/MSPress/books/11841.aspx
. Windows Server 2008 Security Guide on TechNet (coauthor):
        www.microsoft.com/wssg


>> > Does any vendor make an application that passively listens to all ethernet
>> > segments on a computer, and then notifies the administrator if any
>> > unauthorized IP or ethernet Mac address shows up on any segment? You would
>> > obviously need to feed into such an application the IPs and Mac addresses
>> > that are authorized for your network. But when a contractor shows up or
>> > someone plugs in a new computer, the administrator would know about it the
>> > instant it happens.
>>
>> One way I would like to address this requirement is at the switches/router.
>> If they were configured with the allowed hosts, perhaps something more
>> strong than just MAC/IP, and would for all other hosts send back indication
>> of host unreachable for TCP and also forward copy of packet on to the local
>> blackhole machine for all protocols.
>
> My main requirement isn't to deny access to that traffic. My main
> requirement is to get instant notification that such traffic exists. I
> want to know about the behavior of people so that I can give them feedback
> about what is acceptable and what is not. And if someone is acting really
> outrageously I need to address that behavior.
>
> --
> Will
