Security Basics mailing list archives
RE: MAC Authentication device
From: "Mike" <mike () superiorholidayadventures ca>
Date: Thu, 20 Nov 2003 08:22:15 -0500
Yes, of course Joann, you're right about that.. I can't believe I didn't catch that! I don't know if you can outright do this with any one device. You could, however, put a few simple ideas together that would make it very hard (read, not worthwhile but still slightly possible) to circumvent: 1. You could, again, lock down your DHCP server to only give out IP addresses to MAC's that you specify. As well, give them a "static" or fixed IP bound to that MAC. 2. If you have a switch that is managed you could bind the known MAC of the client to the port that they're wired to. You may also be able to configure the switch to ignore any MAC's that aren't in your access list. That would depend on your switch. 3. Lastly, if you have a Linux (2.4 IPTables based) firewall you can create an access list that only allows certain IP *and* MAC address combinations access to the Internet. You could also put this firewall in front of your network and it would have the same effect. Other firewalls may allow you to do this, but I'm not familiar with them. In and of themselves, these techniques may not do what you want, but combined together I think it could achieve your goals. They're all relatively inexpensive as well. Mike Fetherston
-----Original Message----- From: Joann Jane [mailto:aladin168 () hotmail com] Sent: Wednesday, November 19, 2003 8:26 PM To: Mike Subject: RE: MAC Authentication device The consultants will be on-site, and my client want to be able to
control
them by giving them a PCMCIA Network Card. We don't even allow wireless cards, these will be wired network cards. Any idea on how to ONLY allow authorized people to get on the network? Problem is that we can't control who can get on because whoever plug
into
the jack can assign themselves an IP, which is mainly our concern. Thanks so much. MAC Spoofing, I know it can be done with SMAC, http://www.klcconsulting.net/smac right?From: "Mike" <mike () superiorholidayadventures ca> To: "aladin168" <aladin168 () hotmail com>,<security-basics () securityfocus com>Subject: RE: MAC Authentication device Date: Wed, 19 Nov 2003 15:03:39 -0500 If you're trying to stop rogue devices from accessing your network
you
could configure your DHCP server to only hand out IP addresses to
MACs
that are in your access list. What kind of DHCP server are you using? Beware that MAC's can be spoofed. Mike Fetherston-----Original Message----- From: aladin168 [mailto:aladin168 () hotmail com] Sent: Tuesday, November 18, 2003 4:54 PM To: security-basics () securityfocus com Subject: MAC Authentication device Hi, Can anyone recommend a device that will do MAC Address
Authentication
before allowing a user/computer to connect to the network. This
is
different then MAC Address filtering, which allow or disallow
access
tothe Internet for the the systems that are already on the network. I am trying to find a cheap device that will help me controlnon-employeesaccessing our trusted network. Thanks, /Kyle-----------------------------------------------------------------------
-
--------------------------------------------------------------------------
-
----_________________________________________________________________ Groove on the latest from the hot new rock groups! Get downloads,
videos,
and more here.
http://special.msn.com/entertainment/wiredformusic.armx --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: MAC Authentication device, (continued)
- Re: MAC Authentication device Tim Syratt (Nov 20)
- Re: MAC Authentication device Oleksandr Darchuk (Nov 20)
- Re: MAC Authentication device Ansgar -59cobalt- Wiechers (Nov 20)
- Re: MAC Authentication device Timo Schoeler (Nov 20)
- RE: MAC Authentication device arek (Nov 21)
- Re: MAC Authentication device Timo Schoeler (Nov 20)
- Re: MAC Authentication device David Nichols (Nov 20)
- Re: MAC Authentication device Kevin Saenz (Nov 21)
- RE: MAC Authentication device Mike (Nov 20)
- Re: MAC Authentication device InCisT (Nov 20)
- Re: MAC Authentication device Fernando Gont (Nov 20)
- RE: MAC Authentication device Mike (Nov 20)
- RE: MAC Authentication device Mike (Nov 20)
- RE: MAC Authentication device Wilcox, Stephen (Nov 20)
- Re: MAC Authentication device Joann Jane (Nov 21)
- RE: MAC Authentication device Batkin, Seva (Nov 21)