Question : Non approved laptops getting IP and access to network, need to block this

Hi people,

we have a school network with very good security software that works well, but the students have discovered plugging in a CAT5 cable from the back of a secured / locked down PC into their laptops gives them access to the internet uncontrolled and unmonitored, clearly this is an issue, I have some of the rogue laptops listed in my DHCP lease, but I want to stop them from evening getting an IP address is this possible?

We run AD and and have a full windows2003 server implementation, with a cisco pix firewall and switches.

Thanks

BzBo

Answer : Non approved laptops getting IP and access to network, need to block this

Another way is filter by mac-address on vendor ID.
If all your pc's have network cards supplied by the same manufacturer then you can "permit" the vendor ID mac address, and deny anything else.
Although this will still allow laptops with same vendor network cards as the pc's, its probable that the number of un-authorised connections will be reduced.

This depends on what type of switches you have and if they are capable of mac-address filtering.

Another method is to use a proxy server. Pix firewall configured to only accept requests from the proxy server. If pc's are locked down correctly then users will not have access to the LAN setting on the browser in order to determine which proxy server is in use.