I am looking for a solution that would require any computer user on a LAN to enter a password in order to access the Internet.
We do not want to restrict it at each individual computer because people have in the past brought in their personal laptops, etc. and plugged them into the network defeating that technique.
It is a small network. There is no server the users log in to, just about 8 legitimate workstations. The problem occurs mostly after hours or on 2nd and 3rd shifts.
Thanks in advance.
32 Answers
The only real way to do this is to set up a proxy server that requires authentication.
See:
On a small network like yours this is a lot of work for such a small result.
It would be better to just restrict access to the network itself from "foreign" computers. Most routers allow you to do this by listing the MAC addresses (sometimes called Ethernet address) of allowed computers and then not permitting network traffic from any other device.
Look for a section in the router configuration called "Ethernet Filtering" or "MAC Filtering". Most routers even have a quick entry system that will enter all the devices it can currently see into the table.
Now you can go back to having users log in to the computers.
1Take a look at IEEE 802.1X
Though deploying 802.1X authentication wouldn’t encrypt the Ethernet traffic, it would at least stop them from sending on the network or accessing any resources until they’ve provided login credentials.What is 802.1X? Everything you need to know about LAN authentication
