[c-nsp] Network Security.
Phil Mayers
p.mayers at imperial.ac.uk
Wed Mar 7 04:35:34 EST 2012
On 03/07/2012 03:22 AM, Rich Trinkle wrote:
> I apologize if this seems like a "rookie" question. A colleague and
> I have a stance that neither want to budge on. We have a cisco 861w
> core router for our internal network and a typical domain
> server/client access. All of our internal pc's are part of this
> domain and our client pc's obtain a dynamic ip from an internal dhcp
> server. The question is this. Should I be able to take a personal
> laptop that is not setup on our domain, plug into our network, obtain
> an ip address dynamically through our cisco router and browse the
> internet?
What does "should" mean here? Technically, would it work? Or policy,
ought it to work?
If the former, it will depend how you've got things set up.
If the latter, there's no right answer to that. It depends on your
security policy and what you want to achieve. At our site: no; you get
assigned into a VLAN and directed to a "register your machine" page, so
we've got machine -> owner tracking in the event of an abuse or
operational problem.
Some places don't care about that, and just absorb the costs of such
events in order to achieve ease-of-use.
More information about the cisco-nsp
mailing list