need more info, first, do you run a dhcp server, if so, you can set rules for which it follows for assigning ip addresses, in some cases you can require specific MAC addresses be assigned specific IP's, all others would be denied, then, when just any old laptop connects to network it doesnt get an ip automatically, second, drilldown your ports, disconnect from the hub/switch those ports that are not in use by a system. third, lock your front doors, and advise staff that outside entities are NOT allowed to use the Company network without the approval of person X or Y, and report any such activity to X or Y. having no available ports for a laptop to plug into, would greatly reduce the possibility of anyone doing so, then it would require disconnecting another system, which hopefully is more noticeable, I did see a script in a magazine a while back that, did network scans of ip addresses, then when a new active IP popped up and alert email was sent to the admin, doubt i can find it now, but it is possible suing some scripts and ingenuity. still i think your best approach would be reducing the number of outlets they can plug into.
good luck Don -----Original Message----- From: Edward Desroches [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 6:14 PM To: [EMAIL PROTECTED] Subject: Restrict Network Access A quick security-basics question. =) Users on NetworkX can bring in a laptop, plug it in, and gain access to the Internet. How can you allow only users logged in with a domain account access to the Internet (not just WWW, all connectivity). The network is running Windows NT servers with Windows 2000 clients. Windows 2000 Server is going to replace NT in the future. If anyone could give an answer relating to a Linux environment as well, it would be helpful. Thanks for any help. -Ed