Re: MAC Authentication device

["David Nichols" <dnichols () amci com>]

You can still use MAC filtering by having your "trusted network" on one side
of the firewall and everything else on the other.  Think of a
firewall/router as a device that connects two networks, not just a public
network (the internet) to a private network.  Most large scale private
networks use routers to breakup broadcast domains.

As far as an authentication device that only allows a network login based on
a list of allowable MAC addresses, I don't know of one.  But it is an
interesting idea.  In Linux terms, you could probably build a dedicated
authentication server that runs netfilter/iptables rules to kill packets
that aren't on the "approved" MAC list before they even get out of the
TCP/IP stack.  I'm not sure if you can do the same thing on a single Windows
box, but I'm sure you can do it by placing a filtering router between the
authentication server and the rest of the network as suggested above.

David Nichols

----- Original Message -----
From: "aladin168" <aladin168 () hotmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, November 18, 2003 4:54 PM
Subject: MAC Authentication device


> Hi,
>
> Can anyone recommend a device that will do MAC Address Authentication
before allowing a user/computer to connect to the network.  This is
different then MAC Address filtering, which allow or disallow access to the
Internet for the the systems that are already on the network.
> I am trying to find a cheap device that will help me control non-employees
accessing our trusted network.
> Thanks,
> /Kyle
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
----------------------------------------------------------------------------