Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MAC Authentication device

From: InCisT <InCisT () popsikle net>
Date: Wed, 19 Nov 2003 20:41:20 -0500
Joann Jane wrote:
The consultants will be on-site, and my client want to be able to control them by giving them a PCMCIA Network Card. 

We don't even allow wireless cards, these will be wired network cards.
Any idea on how to ONLY allow authorized people to get on the network? Problem is that we can't control who can get on the network because whoever plug into the data jack on the wall can assign themselves an IP, which is mainly our concern. 

Thanks so much.
MAC Spoofing, I know it can be done with SMAC, http://www.klcconsulting.net/smac right?
You could look at ACL lists for your routers. We are aware of the people that can assign themselves an ip on our network, but we have other devices inline that monitor the traffic (stalker boxes) and also IDS on our internal network to detect any anomiles. MAC spoofing can be done with alot of tools, even most of the newer NIC drivers let you set the MAC address right in the driver. You could run a completely the wall jacks on a completly different physical connection and assign each one a vpn account to vpn into your main network. But if someone you dont want on your network is already in the building, you got alot more to worry about then them getting on your network! 

InCisT




---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: