Electronic – How to make a device that will remotely disconnect an Ethernet port

communication

In some environments it can be helpful to have the ability to turn off an Ethernet port remotely. One case of this is in a public building where you might have a computer kiosk using the port once a week, but the rest of the time it is open for anyone to plug into and you don't want the port to be active to them. I can also see times in a corporate environment where you might want to be able to easily shut off a port if someone gets a virus.

I can handle all of the remote access parts of the project, but what can I do to actually disconnect the Ethernet port? Using relays on all of the lines seems like it would take up a lot of space and cost a good amount of money. Could I use a simple resistor and MOSFET or transistor to pull the lines low? I want to make sure that I won't hurt the devices on either side.

Best Answer

It may be quite some trouble to find a relay formally rated with the needed bandwidth, and design the system to maintain characteristic impedance throughout, though in practice you may find that an ordinary one and not worrying about that works. With some thought, you could probably make it work by interrupting only one or two lines rather than all of them.

A lot of professional-grade network equipment does have the capability to enable/disable ports on remote command, often used precisely for the case of isolating infected machines which you mentioned. Even a consumer-grade device such as a Wi-Fi router running customized firmware could probably do so, at least on the scale of all of its downstream ports, though you'll have the added headache of making sure its Wi-Fi is disabled. Atmel used to offer an embedded Linux evaluation platform for their AVR32 chip with dual Ethernet configured as a gateway - one of those would do the job if you can still get one.

And there's always putting a locking cover on the box. This has some advantages in that securing it becomes part of deploying/removing the kiosk, and also that there's a chance staff would notice if the cover were left open.

Finally, realize that securing the physical network should be only the first line of defense.
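
The software route the answer mentions (a Linux-based gateway or router whose downstream port can be switched on command) can be driven by a default-deny policy covering both cases from the question: the weekly kiosk session and isolating an infected machine. The sketch below is an added example, not part of the original question or answer; the interface name `eth1`, the Wednesday 09:00-17:00 window and the `--quarantine`/`--apply` flags are assumptions made for illustration.

```python
from datetime import datetime, time

# Assumed values for illustration; none of them come from the original post.
KIOSK_IFACE = "eth1"  # downstream port of the Linux gateway (hypothetical name)
KIOSK_WINDOW = (2, time(9, 0), time(17, 0))  # Wednesday 09:00-17:00 (Monday=0)


def port_should_be_up(now, quarantined, window=KIOSK_WINDOW):
    """Default-deny: the port is up only inside the kiosk window and only
    if the attached machine has not been quarantined."""
    if quarantined:
        return False
    weekday, start, end = window
    # End of window is exclusive, so the port goes down at 17:00 sharp.
    return now.weekday() == weekday and start <= now.time() < end


def link_command(iface, up):
    """Build the iproute2 command that sets the interface's admin state."""
    return ["ip", "link", "set", "dev", iface, "up" if up else "down"]


def plan(now, quarantined, iface=KIOSK_IFACE):
    """Return the command to run right now for the given port."""
    return link_command(iface, port_should_be_up(now, quarantined))


if __name__ == "__main__":
    import subprocess
    import sys

    cmd = plan(datetime.now(), quarantined="--quarantine" in sys.argv)
    print(" ".join(cmd))
    if "--apply" in sys.argv:  # needs root on the gateway
        subprocess.run(cmd, check=True)
```

Run from a periodic job on the gateway, this leaves the port administratively down whenever the kiosk is not expected, so a forgotten "turn it off" step fails closed rather than open.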