Reining in the LAN client

We'll often see inadequate access control for the local area network (LAN). It is usually considered a 'trusted zone' thus unfortunately a frequently neglected zone. While the LAN may well be the most trusted zone to achieve an appropriate level of layered security authorizing clients attaching to the LAN is paramount. Access to a building or office space is almost certainly regulated but what is not usually controlled is what/who can physically connect to the network medium. Whether it is a consultant summer intern or an employee who decides to bring in a personal laptop or use a non-approved computing device at the workplace there will be the ability for a user (malicious or not) to connect a potentially dangerous device at the heart of your network. This paper will demonstrate an effective way to protect against the threat of unauthorized client devices on a LAN while using common hardware/software combinations that are already deployed at many companies. These readily available tools allow almost any company to implement this solution to achieve an additional layer of security critical to maintaining a secure network.