Security Basics mailing list archives
RE: prohibiting visitors from connecting to network
From: "Brian Loe" <knobdy () stjoelive com>
Date: Tue, 25 Oct 2005 14:57:05 -0500
Doh! I thought I said that! Oh well, I do like the options you put forward though. At any rate, MAC address filtering combined with a login scheme of some kind - RADIUS is free enough, depending on your situation - should prove to be a good start. No SINGLE security option is going to work for a determined attacker, or someone who gets physical access to a trusted resource. It's always best to start SOMEWHERE and build upon it.
-----Original Message----- From: Terence Summers [mailto:tsummers () infosecuritylab com] Sent: Tuesday, October 25, 2005 6:07 AM To: security-basics () securityfocus com Subject: Re: prohibiting visitors from connecting to network In terms of network security MAC filtering makes almost no sense. Even basic routers and network cards can modify their MAC addresses. There are effective hacker tools to attack networks with only this kind of protection. Terence infosecuritylabs.comWhy not limit DHCP to known MAC addresses. Theadministrative costs ofthis might be pretty high at first, but you couldeventually work outan automated system for adding/removing machines. That's the only "free" option that I can think of. Even then, though, I believe you can spoof MAC addresses so...-----Original Message----- From: Alexander Suhovey [mailto:asuhovey () mtu-net ru] Sent: Thursday, October 20, 2005 2:01 PM To: 'Cesar Diaz'; security-basics () securityfocus com Subject: RE: prohibiting visitors from connecting to networkWhat I'm looking for is a way to secure DHCP so that only our laptops/workstations can get a DHCP address. I was thinking of something like EAP used for remote access with certificates to keep computers without a certificate fromreceiving anIP address, but I can find any information on implementing this.
Current thread:
- Re: prohibiting visitors from connecting to network, (continued)
- Re: prohibiting visitors from connecting to network xyberpix (Oct 18)
- Re: prohibiting visitors from connecting to network Kurt Buff (Oct 18)
- Re: prohibiting visitors from connecting to network Saqib Ali (Oct 18)
- Re: prohibiting visitors from connecting to network Nobody Special (Oct 18)
- RE: prohibiting visitors from connecting to network Murad Talukdar (Oct 18)
- Re: prohibiting visitors from connecting to network phunked up! (Oct 18)
- Re: prohibiting visitors from connecting to network Mark Leonard (Oct 18)
- RE: prohibiting visitors from connecting to network Alexander Suhovey (Oct 21)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 24)
- Re: prohibiting visitors from connecting to network Terence Summers (Oct 25)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 26)
- Re: prohibiting visitors from connecting to network Fred Cohen (Oct 25)
- RE: prohibiting visitors from connecting to network Brian Loe (Oct 24)
- RE: prohibiting visitors from connecting to network McKinley, Jackson (Oct 18)
- Re: prohibiting visitors from connecting to network procengaz (Oct 18)
- Re: prohibiting visitors from connecting to network ponchowest (Oct 18)
- RE: prohibiting visitors from connecting to network Andrew Shore (Oct 18)
- Re: prohibiting visitors from connecting to network danny-wang (Oct 18)
- Re: RE: prohibiting visitors from connecting to network K_D_Youens (Oct 18)
- Re: prohibiting visitors from connecting to network Tony Stahler (Oct 18)
- RE: prohibiting visitors from connecting to network amitk (Oct 18)