Then what other solution i should go with...[/quote]Why AD,
If he is using linux?
Security Issue
AOA,
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
-
- Naik
- Posts: 87
- Joined: Tue Mar 06, 2007 4:58 am
- Location: Karachi
- Contact:
you can Use SAMBA as a domain control plus you can also use Fedora Directory Server which is like MS AD .
AD can not be configured on linux , but one way to confgure AD on linux is WINE Server if you use wine , you will be in much trouble ... friend.there are other security issues with wine itself ....
Fedora Directory server is a better option ...
Regards.
AD can not be configured on linux , but one way to confgure AD on linux is WINE Server if you use wine , you will be in much trouble ... friend.there are other security issues with wine itself ....
Fedora Directory server is a better option ...
Regards.
-
Raheel Ahmad
Raheel Ahmad
AOA,
Thanks for sharing such informations with me. I will try to configure Fedora Directory Server ASAP, and wil let all you Guyz know wheather it works for me ot not
Again Thanks alot for heloing me.
Thanks for sharing such informations with me. I will try to configure Fedora Directory Server ASAP, and wil let all you Guyz know wheather it works for me ot not
Again Thanks alot for heloing me.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
AOA,
Currenlt my LAPTOP's Combo Drive just died, so i will be replacing it very soon, after that i will start Working on FDS....
Currenlt my LAPTOP's Combo Drive just died, so i will be replacing it very soon, after that i will start Working on FDS....
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
-
- Naik
- Posts: 87
- Joined: Tue Mar 06, 2007 4:58 am
- Location: Karachi
- Contact:
AOA,
Still i am unable to do any work on FDS, my Semester Exams are starting up. So after that i will INSHALLAH start work on FDS
Still i am unable to do any work on FDS, my Semester Exams are starting up. So after that i will INSHALLAH start work on FDS
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
Dear raheelraheelahmad wrote:Dear friend , while checking the script farrukh has posted in forum I come to know that your problem will still exists in your network , you have to write the script which can stop MAC Spoofing which can be done as you said by binding IP to MAC plus you have to modify the script which before adding the allowed MAC to list will search if the mac already exists against any IP if yes block it else let it in ,if spoof your server MAC what will be happen if i am on same network ? flooding .. Spoofing ..
I hope this will help you ... much ...
please let us know your response ... I can write the script for you but on weekend sorry for delay ...
regards.
there is no way to search Mac spoofing ip will bind on a Mac address think if I can spoof a Mac then its not too difficult for me to find an IP. If I use same ip and Mac of an other users? Then how server could search me?
In this scenario I have to option
1. Move on Layer 3 network (Which is two much expansive)
2. Move on PPPoE authentication which is not much difficult in Linux
-
- Naik
- Posts: 87
- Joined: Tue Mar 06, 2007 4:58 am
- Location: Karachi
- Contact:
kbukhari wrote:Dear raheelraheelahmad wrote:Dear friend , while checking the script farrukh has posted in forum I come to know that your problem will still exists in your network , you have to write the script which can stop MAC Spoofing which can be done as you said by binding IP to MAC plus you have to modify the script which before adding the allowed MAC to list will search if the mac already exists against any IP if yes block it else let it in ,if spoof your server MAC what will be happen if i am on same network ? flooding .. Spoofing ..
I hope this will help you ... much ...
please let us know your response ... I can write the script for you but on weekend sorry for delay ...
regards.
there is no way to search Mac spoofing ip will bind on a Mac address think if I can spoof a Mac then its not too difficult for me to find an IP. If I use same ip and Mac of an other users? Then how server could search me?
In this scenario I have to option
1. Move on Layer 3 network (Which is two much expansive)
2. Move on PPPoE authentication which is not much difficult in Linux
What are you talking about ...................
-
Raheel Ahmad
Raheel Ahmad
is there something wrong with your keyboard...................? once again, raheel, don't quote yourself.raheelahmad wrote:What are you talking about ...................
active directory or fedora directory server are extremely heavyweight solutions to this minor problem. pppoe is much simpler to implement, and has easy to use client support in linux, windows, and other operating systems.
AOA,
Thanks for telling me other options, whenever i will get time i will certainly start work on all the options.
Again Thanks to everyone.
Thanks for telling me other options, whenever i will get time i will certainly start work on all the options.
Again Thanks to everyone.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
-
- Naik
- Posts: 87
- Joined: Tue Mar 06, 2007 4:58 am
- Location: Karachi
- Contact:
kbukhari
I am unable to understand why you are talking about ppoe , if it is possible with ppoe please provide solution.
In MS AD or FDS , you can restrict users with profile and policies can be applied,but you cannot make it 100% Secure, anyone with littpe knowledge about spoofing can spoof man n IP & on linux its not a big deal to spoof mac...
I hope you guys are getting my point ......
Regards,
RA.
In MS AD or FDS , you can restrict users with profile and policies can be applied,but you cannot make it 100% Secure, anyone with littpe knowledge about spoofing can spoof man n IP & on linux its not a big deal to spoof mac...
I hope you guys are getting my point ......
Regards,
RA.
-
Raheel Ahmad
Raheel Ahmad
Re: kbukhari
just set up a pppoe server, and configure it to hand out ip addresses in a fixed range (like with dhcp). give each user a username/password, use the builtin tools on their system (windows, linux, whatever) to authenticate with the username/password. once you have their assigned ip address, you can let them access the internet (add an iptables rule to the nat table, for example).raheelahmad wrote:I am unable to understand why you are talking about ppoe , if it is possible with ppoe please provide solution.
there are many guides for this sort of stuff -- just search for "pppoe server".
there's no way to sniff the actual username/password if you use chap authentication. that's your security. also, again, active directory or any other directory service is a heavy-weight solution. it requires you to do a lot of configuration on the user's system -- something you'll need to repeat if they reinstall or get a new computer or whatever. but pppoe? no problem.In MS AD or FDS , you can restrict users with profile and policies can be applied,but you cannot make it 100% Secure, anyone with littpe knowledge about spoofing can spoof man n IP & on linux its not a big deal to spoof mac...
-
- Naik
- Posts: 87
- Joined: Tue Mar 06, 2007 4:58 am
- Location: Karachi
- Contact: