ACCESS CONTROL IN A LOCAL NETWORK USING THE BASIC CONFIGURATION OF NETWORK DEVICES

The article focused on recommendations for the local network protection from unauthorized access of employees (insider attacks) on the basis of access control, using the basic settings of existing equipment. The use of MAC-based access profiles (MAC-based Access Control) is proposed. The problems of information security at the physical and channel levels, as well as the most common types of attacks are considered. For research purposes, a mockup of a typical local area network was created, including personal computers, ZTE ZXHN H208N modem with support WiFi-access point and the switch DES-1210-52, which connected these devices to the network.Made contact connection to the twisted-pair with clips on the lines Tx and Rx. Kali Linux, tcpdump, bettercap, Wireshark are using as a tools for penetration testing. The network attacks ARP-spoofing with the basic settings of network equipment is discussed. The results of the attack and passive study of the network model are presented. The attack was repeated after activation and configuration IP-MAC-Port Binding, as well as authentication of users based on IEEE 802.1 X standard (MACBased 802.1 X). The results proved the effectiveness of the chosen protective actions.