Nick,

My suggestions, in what I believe is the order of usefulness:

1) Develop an AUP that spells out what is acceptable and not acceptable use of the network. Include verbiage that intentional violation of anything in the AUP can result in consequences up to and including termination. (you'll want to consult your HR dept.) Make every user sign it and _enforce_ it. (you'll need mgmt. support obviously) This should be part of a larger security policy document.

2) Don't use IP addresses for authentication. Instead, force everyone to use a username and password. Let them know that they are responsible for any network activity generated by their account. Also let them know that their activity may be logged. (this should be part of the AUP) You can use some open source tools for this: http://www.solsoft.org/nsm/ or if you have a Cisco router it also supports authentication proxying with the firewall feature set.

3) Don't give users root or Administrator access to their machines. This should keep them from changing IP addresses. (course, they can always break into the machine)

4) Hard-code IP addresses to MAC addresses in your router and/or firewall's ARP table. This is obviously a pain in the butt.

In the end, if you cannot prevent users from doing things they aren't supposed to do, you're placed in an untenable position, which is why I placed the AUP at the top of the list. Essentially, this is a people mgmt. problem, not a technology problem. Technology solutions will only get you so far.

Regards,
Kent

-----------------------------------------------------------------------

I got some nasty users behind a proxying / filtering server. Sometimes they change their IP address to get out from the restrictions. What should I do to prevent this? (I use iptables)

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
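The IP-to-MAC pinning from the last numbered suggestion, sketched for the iptables setup in the original question (an added example, not part of the messages above): the script validates a binding list and prints the static ARP entries and `mac`-match rules that allow each IP only from its recorded MAC. The interface name `eth1`, the chain name `IPMAC` and the sample bindings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: print static-ARP and iptables commands pinning each IP to one MAC.
# LAN_IF, the IPMAC chain name and the bindings are assumptions / constructed samples.
LAN_IF="${LAN_IF:-eth1}"

# Constructed sample list: "<ip> <mac>" per line; the last two entries are malformed.
sample_bindings() {
cat <<'EOF'
# ip           mac
192.168.1.10   00:11:22:33:44:55
192.168.1.11   00:11:22:33:44:66
192.168.1.300  00:11:22:33:44:77
192.168.1.12   00:11:22:33:44:zz
EOF
}

valid_mac() {
    echo "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

valid_ip() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Read bindings on stdin; write commands to stdout and rejected lines to stderr.
gen_rules() {
    echo "iptables -N IPMAC"
    while read -r ip mac rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if valid_ip "$ip" && valid_mac "$mac"; then
            echo "ip neigh replace $ip lladdr $mac nud permanent dev $LAN_IF"
            echo "iptables -A IPMAC -s $ip -m mac --mac-source $mac -j RETURN"
        else
            echo "skipped invalid binding: $ip $mac" >&2
        fi
    done
    echo "iptables -A IPMAC -j DROP"    # any other IP/MAC pair is dropped
    echo "iptables -I INPUT -i $LAN_IF -j IPMAC"
    echo "iptables -I FORWARD -i $LAN_IF -j IPMAC"
}

# Prints only; review the output before piping it to a root shell.
sample_bindings | gen_rules
```

The `mac` match only sees the source MAC of hosts on the directly attached segment, so these rules belong on the gateway facing the users' LAN.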
