Security Basics mailing list archives
Re: Wired security improvements
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Thu, 3 Jan 2008 09:15:25 -0800
On Jan 2, 2008 5:49 PM, Jesse Rink <jesse-rink () wi rr com> wrote:
Hello all. I was hoping for some feedback on some improvement I'm hoping to make at a couple of clients as it relates to their wired network. A bit of a background...
<snip>
The following 5 methods are, as far as I see it, the potential options I have: 1. Lockdown switchports by individual MAC addresses
Netdisco can help with this, somewhat. So can RANCID, if you have Cisco equipment.
2. Implementing IPSec 3. 802.1x on the Wired network 4. A NAC device (HP, Cisco, etc.)
There are some open source NAC implementations. See FreeNAC, Netreg, and Ungoliant.
5. MAC Authentication via RADIUS
Doesn't necessarily require MS IAS - FreeRadius and other OSS implementations can do a lot of heavy lifting for you, if coupled with LDAP. Nice spreadsheet, though. Kurt
Current thread:
- RE: microsoft updates Worrell, Brian (Jan 02)
- Re: microsoft updates Ansgar -59cobalt- Wiechers (Jan 02)
- Re: microsoft updates Vince Hall (Jan 02)
- Re: microsoft updates Alexander Klimov (Jan 03)
- Re: microsoft updates Vince Hall (Jan 02)
- Re: microsoft updates Ali, Saqib (Jan 02)
- RE: microsoft updates Worrell, Brian (Jan 02)
- Wired security improvements Jesse Rink (Jan 03)
- Re: Wired security improvements Kurt Buff (Jan 03)
- Re: Wired security improvements Andrea Gatta (Jan 03)
- Re: Wired security improvements Garry Baker (Jan 04)
- RE: microsoft updates Worrell, Brian (Jan 02)
- RE: microsoft updates Pranav Lal (Jan 03)
- RE: microsoft updates jmacaranas (Jan 03)
- Re: microsoft updates Ansgar -59cobalt- Wiechers (Jan 02)
- <Possible follow-ups>
- RE: microsoft updates David Harley (Jan 02)
- RE: microsoft updates Dixon, Wayne (Jan 02)
- Re: microsoft updates Ansgar -59cobalt- Wiechers (Jan 02)
- Re: microsoft updates Tom Yarrish (Jan 02)
- RE: microsoft updates Edward Ling (Jan 03)