Need security device to prevent ppl from un-plugging ethernet cable from wall jack

[Mizugori]

Is there a kind of device out there that can physically prevent an unauthorized person from unplugging an ethernet cable from a jack in the wall (ie to plug in their own laptop and try to hack/access the network) ? I know you could restrict the jack to only be used by a certain MAC address but we are seeking a physical security measure. I found some products that can lock a jack when it's not in use, (they block the jack and need a key to remove the blocking device from the wall) but they all prevent the jack from being used - we need something that will allow us to have a cable plugged into the jack, and prevent or at least deter someone from trying to unplug it and plug in their own cable.

Thanks!!

 

[yinan]

Cisco switches have the 1 MAC address functionality. What you might want to consider though is a direct or more hidden run for the cable.

 

[gsaldivar]

http://tinyurl.com/yec8u2v

http://www.dynametric.com/ll-20_lanloc.aspx

http://www.datacomtools.com/wire_managers/panduit-rj45-plug-lock-in-device.htm

http://www.dialcommsltd.co.uk/html/about_rj45_locks.html

 

[Pantlegz]

yep Cisco and I would assume most other commercial grade switches have mac address sticky, where the first mac picked up on the port is the only one that will work in that port. If someone plugs something else in it disables the port and you have to manually turn it back on, so they also get to rat themselves out.

 

[onza]

whats the point of this? I don't understand because I don't entirely work in the industry.

 

[Mizugori]

THANKS gsaldivar!!!!!

 

[gsaldivar]

whats the point of this? I don't understand because I don't entirely work in the industry.

Preventing people from plugging their own equipment into network jacks.

 

[seepy83]

Ummm....what about the other end of the cable? You're asking for something that doesn't allow someone to plug their own cable into the wall jack...what about just unplugging it from the pc/laptop and moving that end of the cable to a new device?

The only good solution to this is Port Security. Restrict access to 1 MAC address and have your problem solved.

 

[gsaldivar]

Ummm....what about the other end of the cable? You're asking for something that doesn't allow someone to plug their own cable into the wall jack...what about just unplugging it from the pc/laptop and moving that end of the cable to a new device?

The only good solution to this is Port Security. Restrict access to 1 MAC address and have your problem solved.

If you read through the links, a physical lock can be put on both ends of the cable. Also, doing a MAC restriction may be a bit of a PITA from the admin side, may not work for non-PC devices (phones), and assumes that the OP has routing equipment capable of implementing it. Also, MAC addresses can be easily spoofed...

 

[seepy83]

Also, MAC addresses can be easily spoofed...

Yes MAC addresses can be spoofed, and you can also take the faceplate off the wall and re-punch the cable onto a new jack.

From an IT Security perspective, my professional recommendation would be to implement Port Security to solve the problem that has been posed. My risk analysis would say that there is much less of a chance for the typical End User to be able to spoof their MAC address or gain access to and change the switch configuration to get on the network with a non-approved device. On the other hand, the chance of a typical End User (or evil-doer/criminal) being able to physically break that Jack Lock, or re-punch the cable is much higher.

Just my own opinion. And yes, Port Security is a pain in the ass to administer and causes many complications. But if the OP is asking this question because he is trying to comply with some kind of regulations, it might be his only valid solution.

 

[spidey07]

I think we need to really understand what the op needs and a solution for that can be Recommended.

Op - what are you really trying to do here? Forget about technology. What are you requirements? What are you behavior are you trying to prevent?

 

[nickbits]

Crazy glue

 

[Modelworks]

Crazy glue

Yep, or my favorite, hot glue. Plug in cable, apply glue to fill the gaps around it. You will break the plug or cable before you get it out.

In high security areas it is controlled by wiring the cable directly into conduit, there is no jack. On the back of the workstation is a similar card that is hard wired. I don't know who sells those type cards to the general public though, this was a military installation.