LANProtector Example Project 01
Private network addresses, blocking intruders, reserving static network addresses, reserving dynamic network addresses
Network Setup
- Several network servers with assigned static IP addresses between 192.168.1.1 and 192.168.1.10
- Three workstations with MAC addresses 22-22-22-22-22-22, 33-33-33-33-33-33 and 44-44-44-44-44-44 but unknown IP address assigned by DHCP in the range of 192.168.1.1 – 192.168.1.254
- One identified intruder with MAC address 11-11-11-11-11-11
Solution
Download the example Security Project file from Here (right-click and select Save As).
The Ruleset is set to Deny All Default Action and will block any access to the network unless explicitly granted by the defined Rules. That is why there are:
- Allow Network Servers Range Rule to allow network servers with static IP addresses to access the network
- Allow DHCP Assigned Subnet Rules to allow the three workstations with specific MAC addresses to be assigned an IP address in the whole DHCP subnet
- However, since it is possible for DHCP to assign an IP address for a workstation which should be reserved for a server, there are:
- Deny Workstation from Server Range Rules to specifically deny network access to workstations by their MAC addresses if they want to obtain any of the server reserved IP addresses
- And because there is an indentified intruder on the network with specific MAC address, there is:
- Block Intruder Rule to block a specific intruder identified MAC address to obtain any network IP address
Testing
1. The intruder attempts to take a server reserved IP address:
2. Workstation attempts to obtain a server reserved IP address:
3. Workstation attempts to obtain an unallowed network subnet address:
4. Workstation attempts to obtain the allowed network subnet address:
5. Server attempts to obtain an address in the allowed range:
