Detecting a specific client computer

[Sam Kong]

Hello!

We have a company intranet based on ASP (Win2k, IIS 5.0, SQLServer 7.0).
For security purpose, my boss wants to block some employees from logging in
to our intranet except for from our factory.
Our factory has a SBC DSL (one dynamic IP and it's shared).
I know how to get the client pc's IP address.
But as the IP address is dynamic, I cannot depend on it.

Is there a way that I can detect the user is accessing from our factory
(like router's MAC address)?

One way I brought up is making a page to record the client computer's ip and
making one of our factory's computers automatically call the page.
But this scheme is incomplete as you know.

Any idea?

Sam

 

[Jeff Cochran]

We have a company intranet based on ASP (Win2k, IIS 5.0, SQLServer 7.0).
For security purpose, my boss wants to block some employees from logging in
to our intranet except for from our factory.
Our factory has a SBC DSL (one dynamic IP and it's shared).
I know how to get the client pc's IP address.
But as the IP address is dynamic, I cannot depend on it.

Is there a way that I can detect the user is accessing from our factory
(like router's MAC address)?

One way I brought up is making a page to record the client computer's ip and
making one of our factory's computers automatically call the page.
But this scheme is incomplete as you know.

Any idea?

Several:

1) Use authentication and have user's log into the intranet. Grant
access for those accounts you wish.

2) Configure the systems you want to have access so they fall into
the same network block, use reservations in DHCP to assign them a
specific IP for example.

3) If nobody else uses an SBC DSL line at your organization, allow
the access by the block of IP's that SBC assigns for DSL.

Jeff

 

[Sam Kong]

Hi, Jeff!
Thanks for the reply.

1) Use authentication and have user's log into the intranet. Grant
access for those accounts you wish.

We already have an authentication mechanism. But my boss wants to add
location-dependent control. So if an employee tries to access our intranet
from his/her home instread of factory, we want to block it.

2) Configure the systems you want to have access so they fall into
the same network block, use reservations in DHCP to assign them a
specific IP for example.

I don't think we can do that for the SBC DSL.

3) If nobody else uses an SBC DSL line at your organization, allow
the access by the block of IP's that SBC assigns for DSL.

We considered this. But SBC has so many users and have very different many
subnets (even sparse). According to my experience, the assigned IPs are not
in a block (at least, it's not guessable).

Thanks again.

Sam