Security Data Jacks.

Rodney

Dec 13, 2002, 6:22:06 PM
I am the telecom guy for a small city and because of the rising
security concerns we all are facing nowadays my group has been tasked
with making the network more secure to intrusion. My part is the
physical side, the power that be want it so that you have to have a
special patch cord to hook into the network, the data jack itself
would be keyed so that only the right patch cords would work. So what
I am looking for is Jacks that have a security key to them so no
standard RJ45 would ever fit. The Siemon P-8-8K will not work. Does
anyone out there know of such a beast?

Anonymouse

Dec 13, 2002, 6:38:03 PM
One place where I did some work didn't have RJ45 patch panels. They
instead used RJ11 panels and had special patch cables made: 1 end RJ45 (for
the equipment), the other RJ11 (for the panel).
They only ran 10BASET and didn't have any noticeable degradation in their
Ethernet plant.
I've never tried to find Cat6 or Cat5E rated RJ11 jacks.
I leave it to the group to discuss the pros and cons of this approach in
your situation.

"Rodney" <rod...@ci.grandjct.co.us> wrote in message
news:67e43bda.02121...@posting.google.com...

Andy Kelly

Dec 13, 2002, 6:40:37 PM
"Rodney" <rod...@ci.grandjct.co.us> wrote in message
news:67e43bda.02121...@posting.google.com...

These people do some jacks that require a special key to insert and remove a
patch lead:

http://www.datwyler.co.uk

Justin Time

Dec 15, 2002, 12:59:08 PM
rod...@ci.grandjct.co.us (Rodney) wrote in message news:<67e43bda.02121...@posting.google.com>...

The better solution is done in the closet. Using a 110 - RJ patch
cord. The horizontal cables are terminated on 110 blocks then patched
from the 110 block to the hub/switch. The 110/RJ patch cords are
available from several manufacturers or you can buy the 110 component
from Siemon and cut long FACTORY MADE patch cords in half.

The second, and most secure method would be to implement SNMP and
disable unused ports on each hub/switch. That would require a
two-step activation. Not only would they have to have the special
patch cord in the closet, the Network Operations Center (NOC) would
have to use Open-view or something similar to activate the port on the
hub/switch.

Robert S. Ely (Bob)

Dec 15, 2002, 3:41:46 PM

Rodney,
Keep in mind that you'll be breaking standard at that point. The RJ45 is the
standard plug/jack used. Standard as in TIA/EIA T568A/T568B cabling standards.
The best way to deal with security of a data network is in software via login
security/authentication. Simply connecting to a jack with a different kind of
plug is not very secure.
--
Robert S. Ely (Bob)
rse...@optonline.net
New Lisbon Developmental Center
Communications Systems Technician-3
rober...@dhs.state.nj.us
Work Phone: 1-609-894-4057
Work FAX: 1-609-726-0357
ICQ: 33390750
Yahoo Messenger: rsely74

Don't waste your time on a person, who isn't willing to waste their time on you.

Check out my photos:
http://www.shuttercity.com/ShowGallery.cfm?AcctID=4359

Andy Kelly

Dec 15, 2002, 4:49:23 PM
"Robert S. Ely (Bob)" <rse...@optonline.net> wrote in message
news:3DFCE951...@optonline.net...

> Rodney wrote:
> >
> > I am the telecom guy for a small city and because of the rising
> > security concerns we all are facing nowadays my group has been tasked
> > with making the network more secure to intrusion. My part is the
> > physical side, the power that be want it so that you have to have a
> > special patch cord to hook into the network, the data jack itself
> > would be keyed so that only the right patch cords would work. So what
> > I am looking for is Jacks that have a security key to them so no
> > standard RJ45 would ever fit. The Siemon P-8-8K will not work. Does
> > anyone out there know of such a beast?
>
> Rodney,
> Keep in mind that you'll be breaking standard at that point. The RJ45 is the
> standard plug/jack used. Standard as in TIA/EIA T568A/T568B cabling standards.
> The best way to deal with security of a data network is in software via login
> security/authentication. Simply connecting to a jack with a different kind of
> plug is not very secure.
> --

The RJ45 is not the standard connector. If it was then Avaya's 110 connector
and Krone's highband connector would be non-compliant.


Watson 'Atto Parsec' Name

Dec 15, 2002, 7:23:30 PM
In article <67e43bda.02121...@posting.google.com>,
rod...@ci.grandjct.co.us mentioned...

Seems that this is a poor way to implement security. It would be better
to do it at a higher level, such as in your routers or switches.

--
@@F@r@o@m@@O@r@a@n@g@e@@C@o@u@n@t@y@,@@C@a@l@,@@w@h@e@r@e@@
My email address is whitelisted. *All* email sent to it
goes directly to the trash unless you put NOSPAM in the
Subject: line. alondra101 <at> hotmail.com
Don't be ripped off by the big book dealers. Go to the URL
that will give you a choice and save you money(up to half).
http://www.everybookstore.com You'll be glad you did!
Just when you thought you had all this figured out, the gov't
changed it: http://physics.nist.gov/cuu/Units/binary.html
@@t@h@e@@a@f@f@l@u@e@n@t@@m@e@e@t@@t@h@e@@E@f@f@l@u@e@n@t@@

Robert S. Ely (Bob)

Dec 15, 2002, 7:40:56 PM
Andy Kelly wrote:

>
> The RJ45 is not the standard connector. If it was then Avaya's 110 connector
> and Krone's highband connector would be non-compliant.

Andy,
We're not talking about cross-connects, we're talking about workstation outlets
(jacks for the end user). Pretty much any specifically rated and labeled
cross-connect block or patch panel is fine for the closet.

--


Robert S. Ely (Bob)
rse...@optonline.net

J. Clarke

Dec 15, 2002, 10:19:27 PM
In article <MP6L9.976$cy2.165853@newsfep2-gui>,
andy.kel...@ntlworld.com says...

110s are used for cross-connect, which is different, within the
nomenclature of the spec, from a telecommunications outlet/connector.

Krone's highband _is_ RJ-45, or so they claim.

If you want to be pedantic then the "telecommunications
outlet/connector" "shall meet the modular interface requirements
specified in IEC 603-7". 603-7 describes a variety of jacks and plugs
all of which have the common feature that the mating parts have a form
factor compatible with what is commonly known as an "RJ-45".

--
--
--John
Reply to jclarke at ae tee tee global dot net
(used to be jclarke at eye bee em dot net)

Andy Kelly

Dec 16, 2002, 8:14:39 AM
"Robert S. Ely (Bob)" <rse...@optonline.net> wrote in message news:<3DFD215E...@optonline.net>...

> Andy Kelly wrote:
>
> >
> > The RJ45 is not the standard connector. If it was then Avaya's 110 connector
> > and Krone's highband connector would be non-compliant.
> Andy,
> We're not talking about cross-connects, we're talking about workstation outlets
> (jacks for the end user). Pretty much any specifically rated and labeled
> cross-connect block or patch panel is fine for the closet.
>

Sorry, didn't realise it was the workstation end.

Andy

William Tasso

Dec 16, 2002, 8:22:51 PM

rw data - who can be found here: http://www.rwdata.co.uk produce a lockable
network port although last time I looked it wasn't shown on the site. You
may have to phone them for details.

Don't frig about with custom patch cables - it *will* end in tears.

--
William Tasso - http://www.WilliamTasso.com


J. Drew

Dec 17, 2002, 2:12:53 AM
I'd suggest using a managed switch with MAC address lockdown capability
rather than physical for several reasons:

1. With the MAC address lockdown you could have SNMP traps to tell you when
an unauthorized station is attached.
2. Some switches have the capability to shut down the port when the
unauthorized station is attached, requiring intervention.
Another way that you'd know that someone has been naughty (xmas talk).
3. You'll be building the workstation patch cables, the special jack at one
end, the standard at the other. Is that what you want?
4. You didn't say in your post if this copper plant is to support 100
meg/Gig. If so, you'll need that special plug to be cat5/cat5e compliant.
That might be tough.
5. What prevents the "bad" guy from stealing a cable from the next room or
eyeballing the receptacle and building his own cable?

Last of all, I'll quote my dad - "Locks are there to keep honest people
honest"


Jay
--
_____________
Start at the beginning, and when you reach the end, Stop.
The Mad Hatter
_____________


"Rodney" <rod...@ci.grandjct.co.us> wrote in message
news:67e43bda.02121...@posting.google.com...

touch tone tommy

Dec 18, 2002, 2:25:44 AM
>rod...@ci.grandjct.co.us (Rodney) wrote in message news:<67e43bda.02121...@posting.google.com>...
>> I am the telecom guy for a small city and because of the rising
>> security concerns we all are facing nowadays my group has been tasked
>> with making the network more secure to intrusion. My part is the
>> physical side, the power that be want it so that you have to have a
>> special patch cord to hook into the network, the data jack itself
>> would be keyed so that only the right patch cords would work. So what
>> I am looking for is Jacks that have a security key to them so no
>> standard RJ45 would ever fit. The Siemon P-8-8K will not work. Does
>> anyone out there know of such a beast?

You could do something like terminate your jacks as 568-A, and the
patch panels as 568-B. Use standard patch cables in the closet, then
issue bright-red crossover cables to your users for the workstation
side. It's unlikely that a casual intruder would be packing a
crossover cable with them,


--
Tom Thiel - touch_to...@yahoo.com
"Remember, it don't mean a thing if it ain't got that certain je ne sais quoi" - Peter Schickele (PDQ Bach)

Andy Kelly

Dec 18, 2002, 6:24:03 AM
touch tone tommy <touch_to...@yahoo.com> wrote in message news:<uh800vo08n2t4a51p...@4ax.com>...

> >rod...@ci.grandjct.co.us (Rodney) wrote in message news:<67e43bda.02121...@posting.google.com>...
> >> I am the telecom guy for a small city and because of the rising
> >> security concerns we all are facing nowadays my group has been tasked
> >> with making the network more secure to intrusion. My part is the
> >> physical side, the power that be want it so that you have to have a
> >> special patch cord to hook into the network, the data jack itself
> >> would be keyed so that only the right patch cords would work. So what
> >> I am looking for is Jacks that have a security key to them so no
> >> standard RJ45 would ever fit. The Siemon P-8-8K will not work. Does
> >> anyone out there know of such a beast?
>
> You could do something like terminate your jacks as 568-A, and the
> patch panels as 568-B. Use standard patch cables in the closet, then
> issue bright-red crossover cables to your users for the workstation
> side. It's unlikely that a casual intruder would be packing a
> crossover cable with them,

What if he's running token ring?

James Knott

Dec 18, 2002, 6:54:09 AM
touch tone tommy wrote:

> You could do something like terminate your jacks as 568-A, and the
> patch panels as 568-B. Use standard patch cables in the closet, then
> issue bright-red crossover cables to your users for the workstation
> side. It's unlikely that a casual intruder would be packing a
> crossover cable with them,
>

Many people carry a cross over with notebooks. I've got one in my computer
bag.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

Michael Quinlan

Dec 18, 2002, 1:04:29 PM
"James Knott" <bit_b...@rogers.com> wrote in message
news:BlZL9.53$yW...@news04.bloor.is.net.cable.rogers.com...

> touch tone tommy wrote:
>
> > You could do something like terminate your jacks as 568-A, and the
> > patch panels as 568-B. Use standard patch cables in the closet, then
> > issue bright-red crossover cables to your users for the workstation
> > side. It's unlikely that a casual intruder would be packing a
> > crossover cable with them,
> >
>
> Many people carry a cross over with notebooks. I've got one in my computer
> bag.

Or make other modifications to the wiring to the jack, and reverse them in
custom patch cables. It doesn't have to be A on one end and B on the other.
Switching pairs 1 & 2 up to the jack, and switching them back again in the
patch cable should work.


J. Clarke

Dec 18, 2002, 1:57:29 PM
In article <ce98b3ac.02121...@posting.google.com>,
andy....@ntlworld.com says...

Or gigabit?

In any case, a "casual intruder" isn't likely to be equipped to bust a
simple password.

James Knott

Dec 18, 2002, 6:11:37 PM
J. Clarke wrote:

> Or gigabit?
>

Not a problem, unless the switches are locked at Gb only.

James Knott

Dec 18, 2002, 6:12:25 PM
Michael Quinlan wrote:

>> Many people carry a cross over with notebooks. I've got one in my computer
>> bag.
>
> Or make other modifications to the wiring to the jack, and reverse them in
> custom patch cables. It doesn't have to be A on one end and B on the
> other. Switching pairs 1 & 2 up to the jack, and switching them back again
> in the patch cable should work.
>

Hmmm... I'll have to remember to pack my crimping tool. ;-)

Robert S. Ely (Bob)

Dec 18, 2002, 6:14:09 PM
Andy Kelly wrote:

>
> What if he's running token ring?

That's usually on coax and would not be considered as structured cabling as in
x-BaseT/phone cabling. Structured cabling systems are based on UTP/STP/ScTP wire
and RJ45 jacks (workstation outlets). This is some the cabling is NOT device
dependent. It is also installed in Star topology.

--


Robert S. Ely (Bob)
rse...@optonline.net

Robert S. Ely (Bob)

Dec 18, 2002, 6:19:57 PM
"J. Clarke" wrote:

>
> Or gigabit?
John,
GBE can still be run over Cat 5e or 6 UTP/ScTP (or fiber, but we're talking
copper). Now there's an option, Install FO to the desk. It is still a rare thing
to see FO to the desk. Skip the RJ45. They'd have to have a fiber ethernet NIC
and the proper jumpers. Better still 2.4GHz wireless.

> In any case, a "casual intruder" isn't likely to be equipped to bust a
> simple password.

True.


>
> --
> --
> --John
> Reply to jclarke at ae tee tee global dot net
> (used to be jclarke at eye bee em dot net)

Robert S. Ely (Bob)

Dec 18, 2002, 6:22:48 PM

Michael,
Now you're defeating the purpose of structured cabling standards again.
Security is a soft/firm/hardware (electronic) thing. It's too messy to deal with
it in cabling.

Andy Kelly

Dec 18, 2002, 6:25:59 PM
"Robert S. Ely (Bob)" <rse...@optonline.net> wrote in message
news:3E01018D...@optonline.net...

> Andy Kelly wrote:
>
> >
> > What if he's running token ring?
> That's usually on coax and would not be considered as structured cabling as in
> x-BaseT/phone cabling. Structured cabling systems are based on UTP/STP/ScTP wire
> and RJ45 jacks (workstation outlets). This is some the cabling is NOT device
> dependent. It is also installed in Star topology.
>

Token ring can be run over a structured cabling system. There's plenty of it
over here in the UK but it is slowly being replaced by ethernet.


James Knott

Dec 18, 2002, 9:04:47 PM
Robert S. Ely (Bob) wrote:

>> What if he's running token ring?
> That's usually on coax

No, it's also twisted pair, though often shielded. Coax was used for
ethernet and arcnet, along with some old IBM terminals and other
proprietary systems.

J. Clarke

Dec 19, 2002, 2:57:48 AM
In article <3E0102E5...@optonline.net>, rse...@optonline.net
says...

> "J. Clarke" wrote:
>
> >
> > Or gigabit?
> John,
> GBE can still be run over Cat 5e or 6 UTP/ScTP (or fiber, but we're talking
> copper).

You missed the point. A crossover cable does you no good whatsoever in
preventing someone from connecting to a 1000T system, as it doesn't care if
you're using straight through or crossover.

> Now there's an option, Install FO to the desk. It is still a rare thing
> to see FO to the desk.

Yes, but it's not going to stop a determined intruder.

> Skip the RJ45. They'd have to have a fiber ethernet NIC
> and the proper jumpers. Better still 2.4GHz wireless.

2.4 GHz wireless? For _security_? You might want to familiarize
yourself with the concept of "war driving".

J. Clarke

Dec 19, 2002, 2:54:27 AM
In article <3E01018D...@optonline.net>, rse...@optonline.net
says...

> Andy Kelly wrote:
>
> >
> > What if he's running token ring?
> That's usually on coax

Coax? Token Ring? ROF,L. It's normally run on IBM Cabling System,
which is the 150 Ohm STP described in EIA/TIA-568A.

> and would not be considered as structured cabling as in
> x-BaseT/phone cabling. Structured cabling systems are based on UTP/STP/ScTP wire
> and RJ45 jacks (workstation outlets). This is some the cabling is NOT device
> dependent. It is also installed in Star topology.

In point of fact 10 and 100 Mb/sec Ethernet run fine on IBM Cabling
System. Gigabit doesn't because it needs four pairs and IBM only
provides two. OTOH, if 1000TX ever happens, it should run--IBM Cabling
System has more bandwidth than CAT6.


Robert S. Ely (Bob)

Dec 19, 2002, 5:52:54 AM
"J. Clarke" wrote:

> > GBE can still be run over Cat 5e or 6 UTP/ScTP (or fiber, but we're talking
> > copper).
>
> You missed the point. A crossover cable does you no good whatsoever in
> prevent someone from connecting to a 1000T system, as it doesn't care if
> you're using straight through or crossover.

Not really. I stated earlier that cabling is not the way to secure a system.
What I was referring to here is that the previous person suggested using GBE. I
was just saying that it didn't matter. It's still the same thing as 10BT, Just a
different NIC.

>
> > Now there's an option, Install FO to the desk. It is still a rare thing
> > to see FO to the desk.
>
> Yes, but it's not going to stop a determined intruder.

True again. However FO is a little less common at the desk. Still NOT the proper
solution for security.


> > Skip the RJ45. They'd have to have a fiber ethernet NIC
> > and the proper jumpers. Better still 2.4GHz wireless.
>
> 2.4 GHz wireless? For _security_? You might want to familiarize
> yourself with the concept of "war driving".

Yeah, that was a dumb statement. I was tired. I retract that one.

Robert S. Ely (Bob)

Dec 19, 2002, 5:56:16 AM
"J. Clarke" wrote:

> Coax? Token Ring? ROF,L. It's normally run on IBM Cabling System,
> which is the 150 Ohm STP described in EIA/TIA-568A.

I've never done anything with Token ring. That makes sense to me.

> In point of fact 10 and 100 Mb/sec Ethernet run fine on IBM Cabling
> System. Gigabit doesn't because it needs four pairs and IBM only
> provides two. OTOH, if 1000TX ever happens, it should run--IBM Cabling
> System has more bandwidth than CAT6.

The IBM stuff is like 18AWG wire, isn't it?

Michael Quinlan

Dec 19, 2002, 10:20:32 AM
"Robert S. Ely (Bob)" <rse...@optonline.net> wrote in message
news:3E010394...@optonline.net...

> > Or make other modifications to the wiring to the jack, and reverse them in
> > custom patch cables. It doesn't have to be A on one end and B on the other.
> > Switching pairs 1 & 2 up to the jack, and switching them back again in the
> > patch cable should work.
>
> Michael,
> Now you're defeating the purpose of structured cabling standards again.
> Security is a soft/firm/hardware (electronic) thing. It's too messy to deal with
> it in cabling.

Well, yes, but I wasn't aware that I was doing it "again". I think anything
that meets the desires of the original post will be non-standard. I was
only offering my variation as an alternative to requiring crossover cables.
In any case of modified wiring, Joe Intruder would only have to remove the
patch cord from the NIC on an existing PC and plug it into his own NIC, and
he'd be in business.


Robert Redelmeier

Dec 19, 2002, 10:59:37 AM
"Robert S. Ely (Bob)" <rse...@optonline.net> wrote:
> Now you're defeating the purpose of structured cabling standards again.
> Security is a soft/firm/hardware (electronic) thing. It's too messy to
> deal with it in cabling.

The OP specifically wanted a cabling solution. He mentioned some
sort of keyed jacks.

I think it's easier and Structured Cabling Standards compliant
to use non-standard pin assignments and cross wired cables.
Structured Cabling does not have any requirements for what signals
go on what pins.

The cabling in walls from patchpanel to jack could be T-568A or -B
as the municipality prefers. The physical security would be via
chartreuse [or other gross color] custom patchcords that would
cross wire pins 1&2 to 7&8 and 3&6 to 4&5. One of these at the
patchpanel and another [longer] at the jack would suffice.

Of course anyone could disconnect an existing PC and plug in their
evil laptop. No cabling solution even with DIN wallplugs is going
to prevent that. But this _does_ protect open live jacks against
someone just plugging in. It does not stop a determined attacker.

-- Robert


J. Clarke

Dec 19, 2002, 1:30:49 PM
In article <3E01A61D...@optonline.net>, rse...@optonline.net
says...

> "J. Clarke" wrote:
>
> > Coax? Token Ring? ROF,L. It's normally run on IBM Cabling System,
> > which is the 150 Ohm STP described in EIA/TIA-568A.
>
> I've never done anything with Token ring. That makes sense to me.
> > In point of fact 10 and 100 Mb/sec Ethernet run fine on IBM Cabling
> > System. Gigabit doesn't because it needs four pairs and IBM only
> > provides two. OTOH, if 1000TX ever happens, it should run--IBM Cabling
> > System has more bandwidth than CAT6.
>
> The IBM stuff is like 18AWG wire, isn't it?

IBM Type 1 is 22 AWG solid. That's the one described in 568. IBM
defines a number of other types for particular purposes, the most
commonly encountered of which is probably Type 6, which is 26 AWG
stranded and intended to be used for patch cables in conjunction with
type 1.



J. Clarke

Dec 19, 2002, 1:30:48 PM
In article <3E01A553...@optonline.net>, rse...@optonline.net
says...

> "J. Clarke" wrote:
>
> > > GBE can still be run over Cat 5e or 6 UTP/ScTP (or fiber, but we're talking
> > > copper).
> >
> > You missed the point. A crossover cable does you no good whatsoever in
> > prevent someone from connecting to a 1000T system, as it doesn't care if
> > you're using straight through or crossover.
>
> Not really. I stated earlier that cabling is not the way to secure a system.
> What I was referring to here is that the previous person suggested using GBE. I
> was just saying that it didn't matter. It's still the same thing as 10BT, Just a
> different NIC.

I'm the previous poster and I mentioned gigabit facetiously because it
will detect whether a straight-through or crossover cable is in use
and will adjust itself accordingly.

> > > Now there's an option, Install FO to the desk. It is still a rare thing
> > > to see FO to the desk.
> >
> > Yes, but it's not going to stop a determined intruder.
>
> True again. However FO is a little less common at the desk. Still NOT the proper
> solution for security.
>
>
> > > Skip the RJ45. They'd have to have a fiber ethernet NIC
> > > and the proper jumpers. Better still 2.4GHz wireless.
> >
> > 2.4 GHz wireless? For _security_? You might want to familiarize
> > yourself with the concept of "war driving".
>
> Yeah, that was a dumb statement. I was tired. I retract that one.

Happens sometimes. Holidays coming--hope you can use them to get some
rest. Hope I can too <grin>.


Andy Kelly

Dec 19, 2002, 3:08:11 PM
"Robert Redelmeier" <red...@ev1.net.invalid> wrote in message
news:J1mM9.353$pH3.21...@newssvr12.news.prodigy.com...

> "Robert S. Ely (Bob)" <rse...@optonline.net> wrote:
> > Now you're defeating the purpose of structured cabling standards again.
> > Security is a soft/firm/hardware (electronic) thing. It's too messy to
> > deal with it in cabling.
>
> The OP specifically wanted a cabling solution. He mentioned some
> sort of keyed jacks.
>
> I think it's easier and Structured Cabling Standards compliant
> to use non-standard pin assignments and cross wired cables.
> Structured Cabling does not have any requirements for what signals
> go on what pins.
>
> The cabling in walls from patchpanel to jack could be T-568A or -B
> as the municipality prefers. The physical security would be via
> chartreuse [or other gross color] custom patchcords that would
> cross wire pins 1&2 to 7&8 and 3&6 to 4&5. One of these at the
> patchpanel and another [longer] at the jack would suffice.
>

The phrase "recipe for disaster" springs to mind. If Rodney installed such a
cabling system and then, god forbid, got run over by a bus, no one would
have a clue what was happening.


J. Drew

Dec 19, 2002, 4:45:55 PM
One would assume that the word "documentation" would be in effect and that
prints, spreadsheets, chicken scratches on a napkin would be left behind.
There is also a thing called an ohm meter that could be used to figure out
how the patch cable is built and you can re-invent the wheel. So could
someone who wants to break in.

The problem may lie in the "locks and keys" mindset of the managers. They
can see a different plug/receptacle ala the Digital 6 pin connector with the
offset latch and they are delighted. It's eye candy, and possibly not the
best solution.

It's been posted before in this thread, use an electronics means to do a
lockdown on the port. The important thing to mention about using port
lockdown (for the very paranoid) is that the device that implements the mac
address lockdown should accept the address ONLY on the port assigned. I've
seen switches where if you put the mac address on port 1, it would allow it
on any of the ports on the switch.

Jay


_____________
Start at the beginning, and when you reach the end, Stop.
The Mad Hatter
_____________

"Andy Kelly" <andy.kel...@ntlworld.com> wrote in message
news:b9qM9.8751$Om2.1...@newsfep2-win.server.ntli.net...
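
The per-port point in the post above, as an added example that is not part of the original thread: it audits a switch forwarding table against per-port MAC bindings and contrasts a switch-wide allow-list with a strict per-port check. The table format, port names, function names and MAC addresses are all constructed for illustration.

```python
"""Per-port MAC binding audit (added example; data and names are constructed)."""
import re

# Constructed policy: switch port -> the one MAC allowed on that port.
BINDINGS = {
    "1": "02-00-00-00-00-01",
    "2": "02-00-00-00-00-02",
    "3": "02-00-00-00-00-03",
}

# Constructed forwarding-table snapshot, "port mac" per line, as a NOC
# might collect it from a managed switch. Port 4 has no binding at all.
SAMPLE_FDB = """
1 02-00-00-00-00-01     # expected station
2 02:00:00:00:00:AA     # unknown station on an assigned port
3 0200.0000.0002        # authorised for port 2, plugged into port 3
4 02:00:00:00:00:99     # station on a port that should be unused
"""


def normalize_mac(mac):
    """Accept dash, colon or dotted notation; return lowercase colon form."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def load_bindings(raw):
    """Normalise the MAC in every port binding."""
    return {port: normalize_mac(mac) for port, mac in raw.items()}


def parse_fdb(text):
    """Parse 'port mac' lines, ignoring blank lines and # comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        port, mac = line.split()
        rows.append((port, normalize_mac(mac)))
    return rows


def switch_wide_check(rows, bindings):
    """Weak form: a MAC is accepted if it is bound to ANY port on the switch."""
    allowed = set(bindings.values())
    return [(port, mac) for port, mac in rows if mac not in allowed]


def per_port_check(rows, bindings):
    """Strict form: a MAC is accepted only on the port it is bound to."""
    owner = {mac: port for port, mac in bindings.items()}
    findings = []
    for port, mac in rows:
        expected = bindings.get(port)
        if expected == mac:
            continue
        if mac in owner:
            reason = "moved"            # known MAC, wrong port
        elif expected is None:
            reason = "unassigned-port"  # port should carry no station
        else:
            reason = "unknown"          # unrecognised MAC on a bound port
        findings.append((port, mac, reason))
    return findings


if __name__ == "__main__":
    rows = parse_fdb(SAMPLE_FDB)
    bindings = load_bindings(BINDINGS)
    print("switch-wide:", switch_wide_check(rows, bindings))
    for finding in per_port_check(rows, bindings):
        print("per-port:   ", finding)
```

The switch-wide check stays silent about the station that moved from port 2 to port 3; only the per-port check reports it.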

Robert S. Ely (Bob)

Dec 19, 2002, 7:19:22 PM

Robert,
After all of the thread, why bother with the miswiring the physical link. Who
cares if a machine is plugged into the cabling if they can't login to the
network and access resources. Software and distribution electronics are very
sophisticated and can limit, severely, the access of the more casual user. If
someone has high enough knowledge of networks and is determined to bypass
security, they will get by it anyway. Buy and install regular stuff. It will be
less expensive, easier to troubleshoot and work just as well as specialty stuff.
Leave the security to the switches, routers and servers. That's where it
belongs.
--


Robert S. Ely (Bob)
rse...@optonline.net

D R

Dec 20, 2002, 2:44:35 AM
> You could do something like terminate your jacks as 568-A, and the
> patch panels as 568-B. Use standard patch cables in the closet, then
> issue bright-red crossover cables to your users for the workstation
> side. It's unlikely that a casual intruder would be packing a
> crossover cable with them,

Many of the current models of computers have auto crossover detection. So
this would be defeated by any current Mac and many other brands without
really trying.

Robert S. Ely (Bob)

Dec 20, 2002, 5:31:03 AM
D R wrote:

>
> Many of the current models of computers have auto crossover detection. So
> this would be defeated by any current Mac and many other brands without
> really trying.

D.R.,
When MAC address was mentioned, we didn't mean Macintosh computer. A MAC
address is a device embedded ID number that identifies the device to the
network. Every network device has a unique MAC address. Here's an example of a
MAC address 00-20-40-A7-CD-29. The first couple of hexadecimal digits identify
the manufacturer of the device. It's somewhat equivalent to a device serial
number.

D R

Dec 20, 2002, 5:58:35 AM
>>Many of the current models of computers have auto crossover detection. So
>>this would be defeated by any current Mac and many other brands without
>>really trying.
>
>
> When MAC address was mentioned, we didn't mean Macintosh computer. A MAC
> address is a device embedded ID number that identifies the device to the
> network. Every network device has a unique MAC address. Here's an example of a
> MAC address 00-20-40-A7-CD-29. The first couple of hexadecimal digits identify
> the manufacturer of the device. It's somewhat equivalent to a device serial
> number.

I know that. But all current Macintosh computers have built in auto cross
over detection. That was my point.

James Knott

Dec 20, 2002, 7:00:29 AM
J. Drew wrote:

> The important thing to mention about using port
> lockdown (for the very paranoid) is that the device that implements the
> mac address lockdown should accept the address ONLY on the port assigned.
> I've seen switches where if you put the mac address on port 1, it would
> allow it on any of the ports on the switch.

You could also configure the DHCP server to give addresses to only
recognized macs.

Phil Partridge

Jan 12, 2003, 7:51:42 AM
In article <PcuK9.175$vj.19459@newsfep2-gui>, Andy Kelly <andy.kellynosp
a...@ntlworld.com> writes
>"Rodney" <rod...@ci.grandjct.co.us> wrote in message
>news:67e43bda.02121...@posting.google.com...

>> I am the telecom guy for a small city and because of the rising
>> security concerns we all are facing nowadays my group has been tasked
>> with making the network more secure to intrusion. My part is the
>> physical side, the power that be want it so that you have to have a
>> special patch cord to hook into the network, the data jack itself
>> would be keyed so that only the right patch cords would work. So what
>> I am looking for is Jacks that have a security key to them so no
>> standard RJ45 would ever fit. The Siemon P-8-8K will not work. Does
>> anyone out there know of such a beast?
>
>These people do some jacks that require a special key to insert and remove a
>patch lead:
>
>http://www.datwyler.co.uk
>
>
>
This is going back a bit, but just found this..

"Selwyn has introduced a new security sleeve designed to stop unwanted
disconnection of telecoms and network equipment.... Can be retro-fitted
to existing RJ45 cables, securing connections and giving complete peace
of mind."

If it sounds useful, go to www.cabling-world.co.uk, select jan 2003, and
enter product info ref 69 and tick Selwyn under supplier. Enter some
contact details and they will send some info.

Haven't used 'em, just spotted it whilst browsing the mag..


HTH
--
Phil Partridge
