Security Basics mailing list archives

RE: MAC level authentication or filtering

From: "Roy Sgan-Cohen" <Roys () xor-t com>
Date: Fri, 8 Oct 2004 00:26:48 +0200

We have a product that does MAC filtering and managing.
The product is called SWAT - Switch Access Control and you can find
information on it at -
http://www.xor-t.com/XorSite/Web/Templates/General.jsp?PageId=swat
In short, SWAT is monitoring every MAC that is found in the network and
prompts or blocks any unauthorized MAC.
There are a lot of extensions to this, including ESM support (OpenView,
Netview, etc.) to add MAC-IP mapping etc, Physical/Logical support (for
instance, you can set a MAC to be valid only in a specific
room/floor/switch/port etc.).
One of SWAT's major strengths is that it is very easy to implement and
does not require any other installations as clients, RADIUS servers, ios
upgrades, etc.

I will be happy to assist you in any way regarding any specific
information you need.

Sincerely,
Roy              Sgan-Cohen
Security Division Manager
Xor              Technologies
     +972-3-7370737
    +972-54-5636797
      roys () xor-t com 

-----Original Message-----
From: David Nardoni [mailto:dnardoni () firstresponseconsulting com] 
Sent: Thursday, October 07, 2004 6:54 PM
To: security-basics () securityfocus com
Subject: MAC level authentication or filtering

I need a solution that will allow me to prevent a user from coming in to
my office and plugging in a laptop and gaining access to the network.

I have users that are currently using thin clients to connect to the
main server to do all their processing.  If a legitimate user turns bad
and decides to bring in a system (laptop) from home and connect it to
the network and proceed to use their proper username and password to
gather information from terminal services, I want to be able to
recognize that they have plugged in an unauthorized system and keep them
from gaining access to the network.

I welcome all ideas no matter what vendor solution or no matter how
simple or complex.  If you need more info on the situation let me know.



Dave Nardoni CISSP
First Response Consulting Services, Inc.
dnardoni () firstresponseconsulting com

Current thread:

Re: MAC level authentication or filtering, (continued)
- Re: MAC level authentication or filtering Ajay (Oct 08)
  - Re: MAC level authentication or filtering Jon Lawhead (Oct 08)
    - Re: MAC level authentication or filtering Ajay (Oct 12)
- RE: MAC level authentication or filtering Kurt (Oct 08)
  - RE: MAC level authentication or filtering Jay Archibald (Oct 08)
- Re: MAC level authentication or filtering GuidoZ (Oct 08)
- Re: MAC level authentication or filtering Josh Mills (Oct 08)
- Re: MAC level authentication or filtering Jerry Eblin (Oct 08)
- RE: MAC level authentication or filtering Paris E. Stone (Oct 08)
- Fw: MAC level authentication or filtering GUs (Oct 08)
- RE: MAC level authentication or filtering Roy Sgan-Cohen (Oct 08)
- RE: MAC level authentication or filtering Mike (Oct 08)
- FW: MAC level authentication or filtering David Nardoni (Oct 08)
- RE: MAC level authentication or filtering Roy Sgan-Cohen (Oct 08)
- RE: MAC level authentication or filtering Jay Archibald (Oct 12)