P
Paull
Hi, we are looking for the best way to isolate a few
Admin servers from unauthorised access.
The servers will be in a dept that is hanging off a HP
2650 switch.
We are thinking of filtering access to this dept via Mac
filtering on a Vlan port of the switch. Problem with this
is that someone could quite happily plug their notebook
into an admin port in another building and turn on a
packet sniffer. They'll see some packets for sure over
time and learn the MAC addresses. You can program a new
MAC address into the driver settings for most network
cards.
OR
We are looking at protecting these servers by having
different subnets.
Something like:
Students: 192.168.0.0 / 255.255.255.254
Servers: 192.168.2.0 / 255.255.255.254
Staff: 192.168.4.0 / 255.255.255.252
The idea that the key servers are accessbile only by
machines on the Server or Staff subnet.
Any comments on the above two possible solutions?
regards
Admin servers from unauthorised access.
The servers will be in a dept that is hanging off a HP
2650 switch.
We are thinking of filtering access to this dept via Mac
filtering on a Vlan port of the switch. Problem with this
is that someone could quite happily plug their notebook
into an admin port in another building and turn on a
packet sniffer. They'll see some packets for sure over
time and learn the MAC addresses. You can program a new
MAC address into the driver settings for most network
cards.
OR
We are looking at protecting these servers by having
different subnets.
Something like:
Students: 192.168.0.0 / 255.255.255.254
Servers: 192.168.2.0 / 255.255.255.254
Staff: 192.168.4.0 / 255.255.255.252
The idea that the key servers are accessbile only by
machines on the Server or Staff subnet.
Any comments on the above two possible solutions?
regards