Security Basics mailing list archives
Re: MAC Authentication device
From: Kevin Saenz <ksaenz () spinaweb com au>
Date: Fri, 21 Nov 2003 21:43:14 +1100
You can still use MAC filtering by having your "trusted network" on one side of the firewall and everything else on the other. Think of a firewall/router as a device that connects two networks, not just a public network (the internet) to a private network. Most large scale private networks use routers to breakup broadcast domains.
Is this really advised when you can spoof MAC addresses? if you have a client/user that is resourceful enough to elevate their access by finding out your internet activity is based on MAC addresses what would be your course of action? Policies that I enforce my clients to take (I'm not sure if it works in other countries) to advise their clients that internet activity will be monitored and restricted. Usually users/clients fly right when they know big brother is watching.
As far as an authentication device that only allows a network login based on a list of allowable MAC addresses, I don't know of one. But it is an interesting idea. In Linux terms, you could probably build a dedicated authentication server that runs netfilter/iptables rules to kill packets that aren't on the "approved" MAC list before they even get out of the TCP/IP stack. I'm not sure if you can do the same thing on a single Windows box, but I'm sure you can do it by placing a filtering router between the authentication server and the rest of the network as suggested above. David Nichols ----- Original Message ----- From: "aladin168" <aladin168 () hotmail com> To: <security-basics () securityfocus com> Sent: Tuesday, November 18, 2003 4:54 PM Subject: MAC Authentication deviceHi, Can anyone recommend a device that will do MAC Address Authenticationbefore allowing a user/computer to connect to the network. This is different then MAC Address filtering, which allow or disallow access to the Internet for the the systems that are already on the network.I am trying to find a cheap device that will help me control non-employeesaccessing our trusted network.Thanks, /Kyle ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------
-- Regards, Kevin Saenz Spinaweb I.T consultants Ph: 02 4620 5130 Fax: 02 4625 9243 Mobile: 0418455661 Web: http://www.spinaweb.com.au --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- MAC Authentication device aladin168 (Nov 19)
- RE: MAC Authentication device Hasnain Atique (Nov 20)
- Re: MAC Authentication device Tim Syratt (Nov 20)
- Re: MAC Authentication device Oleksandr Darchuk (Nov 20)
- Re: MAC Authentication device Ansgar -59cobalt- Wiechers (Nov 20)
- Re: MAC Authentication device Timo Schoeler (Nov 20)
- RE: MAC Authentication device arek (Nov 21)
- Re: MAC Authentication device Timo Schoeler (Nov 20)
- Re: MAC Authentication device David Nichols (Nov 20)
- Re: MAC Authentication device Kevin Saenz (Nov 21)
- <Possible follow-ups>
- RE: MAC Authentication device Mike (Nov 20)
- Re: MAC Authentication device InCisT (Nov 20)
- Re: MAC Authentication device Fernando Gont (Nov 20)
- RE: MAC Authentication device Mike (Nov 20)
- RE: MAC Authentication device Mike (Nov 20)
- RE: MAC Authentication device Wilcox, Stephen (Nov 20)
- Re: MAC Authentication device Joann Jane (Nov 21)
- RE: MAC Authentication device Batkin, Seva (Nov 21)