• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Need security device to prevent ppl from un-plugging ethernet cable from wall jack

M

Mizugori

Senior member
Is there a kind of device out there that can physically prevent an unauthorized person from unplugging an ethernet cable from a jack in the wall (ie to plug in their own laptop and try to hack/access the network) ? I know you could restrict the jack to only be used by a certain MAC address but we are seeking a physical security measure. I found some products that can lock a jack when it's not in use, (they block the jack and need a key to remove the blocking device from the wall) but they all prevent the jack from being used - we need something that will allow us to have a cable plugged into the jack, and prevent or at least deter someone from trying to unplug it and plug in their own cable.

Thanks!!
 
Cisco switches have the 1 MAC address functionality. What you might want to consider though is a direct or more hidden run for the cable.
 
yep Cisco and I would assume most other commercial grade switches have mac address sticky, where the first mac picked up on the port is the only one that will work in that port. If someone plugs something else in it disables the port and you have to manually turn it back on, so they also get to rat themselves out.
 
Ummm....what about the other end of the cable? You're asking for something that doesn't allow someone to plug their own cable into the wall jack...what about just unplugging it from the pc/laptop and moving that end of the cable to a new device?

The only good solution to this is Port Security. Restrict access to 1 MAC address and have your problem solved.
 
seepy83 said:
Ummm....what about the other end of the cable? You're asking for something that doesn't allow someone to plug their own cable into the wall jack...what about just unplugging it from the pc/laptop and moving that end of the cable to a new device?

The only good solution to this is Port Security. Restrict access to 1 MAC address and have your problem solved.
Click to expand...

If you read through the links, a physical lock can be put on both ends of the cable. Also, doing a MAC restriction may be a bit of a PITA from the admin side, may not work for non-PC devices (phones), and assumes that the OP has routing equipment capable of implementing it. Also, MAC addresses can be easily spoofed...
 
gsaldivar said:
Also, MAC addresses can be easily spoofed...
Click to expand...

Yes MAC addresses can be spoofed, and you can also take the faceplate off the wall and re-punch the cable onto a new jack.

From an IT Security perspective, my professional recommendation would be to implement Port Security to solve the problem that has been posed. My risk analysis would say that there is much less of a chance for the typical End User to be able to spoof their MAC address or gain access to and change the switch configuration to get on the network with a non-approved device. On the other hand, the chance of a typical End User (or evil-doer/criminal) being able to physically break that Jack Lock, or re-punch the cable is much higher.

Just my own opinion. And yes, Port Security is a pain in the ass to administer and causes many complications. But if the OP is asking this question because he is trying to comply with some kind of regulations, it might be his only valid solution.
 
I think we need to really understand what the op needs and a solution for that can be Recommended.

Op - what are you really trying to do here? Forget about technology. What are you requirements? What are you behavior are you trying to prevent?
 
Last edited:
nickbits said:
Crazy glue
Click to expand...

Yep, or my favorite, hot glue. Plug in cable, apply glue to fill the gaps around it. You will break the plug or cable before you get it out.

In high security areas it is controlled by wiring the cable directly into conduit, there is no jack. On the back of the workstation is a similar card that is hard wired. I don't know who sells those type cards to the general public though, this was a military installation.
 
Last edited:
You must log in or register to reply here.

TRENDING THREADS

Back
Top