Security Basics mailing list archives

RE: DHCP Appliance based on MAC Authentication


From: Paul Farrington <paul.farrington () goldmedal co uk>
Date: Tue, 20 Dec 2005 15:48:14 -0000

I'm not sure what you intend to do with this apparent "MAC authentication". I
would presume you're going down the route of "only MACs that you know about
can receive a DHCP address", i.e. to protect your LAN from, for instance, a
hacker entering your building and plugging their laptop into your LAN.  If
your DHCP is configured with reservations they of course won't be issued one,
as they are an unknown MAC.

HOWEVER, you have a trade-off here of management & functionality versus
exploitability. Consider this: you have 1000s of PCs and laptops, you need
a central database / spreadsheet to manage all the info, plus the time
involved in creating all the reservations, time involved in creating new
reservations each time a new PC is bought, AND each time a NIC is replaced
in a PC... Then you have the time involved to create Helpdesk processes so
that the Helpdesk give you all this information when necessary... AND FOR
WHAT??? Cos you think you've secured your LAN? Until someone walks in and
either spoofs their MAC to obtain a DHCP address or, even worse, uses ARP
poisoning and a MAC scanner to act as a router between your clients and
gateway.  It all ends up being a wasted effort.

To me the management isn't worth the effort, especially when it's so easily
exploitable and not at all secure.

Regarding the products though, I'm fairly sure that functionality has been
available on all DHCP servers from Microsoft since NT4. (Don't quote me on
that)


Ta

Paul Farrington


-----Original Message-----
From: Jhon [mailto:imranfbhatti () gmail com] 
Sent: 15 December 2005 02:50
To: mbenedetto () amnh org; security-basics () securityfocus com
Subject: Re: DHCP Appliance based on MAC Authentication

Ok Thanks

I have three products now:

1. Bluecat Adonis 500
2. MetaInfo Appliance
3. Infoblox1000

Does anybody recommend me one appliance based upon his experience?

On 12/15/05, Michael J. Benedetto <mbenedetto () amnh org> wrote:

The Bluecat Adonis has basic MAC Authentication now and a more fully
featured version coming soon.

Michael J. Benedetto, CISSP
Associate Director of Information Technology
Network Systems and Information Security
American Museum of Natural History



-----Original Message-----
From: Jhon [mailto:imranfbhatti () gmail com]
Sent: Wednesday, December 14, 2005 1:55 AM
To: security-basics () securityfocus com
Subject: DHCP Appliance based on MAC Authentication

Hi all,
I am new to the list and need some help regarding securing my LAN.
I am looking for a DHCP appliance which should be capable of authentication
of MAC addresses.

I know one product only, MetaIP.
The purpose of using the DHCP appliance is to secure the IP assigning process
based on MAC authentication.

Thanks




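Added example (not part of the original thread or written by any of its posters): the reply above argues that DHCP reservations alone do not stop a cloned MAC or ARP poisoning, so this sketch audits observed (port, MAC, IP) sightings against the reservation table to surface exactly those two cases. The reservation table, switch port names, observation tuples and the `audit` function are all constructed assumptions for illustration.

```python
# Constructed DHCP reservations (MAC -> reserved IP); 10.0.0.1 is the gateway.
RESERVATIONS = {
    "00:11:22:aa:bb:01": "10.0.0.1",
    "00:11:22:aa:bb:10": "10.0.0.10",
    "00:11:22:aa:bb:11": "10.0.0.11",
}

# Constructed sightings: (seconds, switch port, source MAC, IP claimed in ARP),
# e.g. gathered from a mirror port or by polling switch MAC/ARP tables.
OBSERVATIONS = [
    (0, "gi1/1", "00:11:22:aa:bb:01", "10.0.0.1"),
    (1, "gi1/10", "00:11:22:aa:bb:10", "10.0.0.10"),
    (2, "gi1/11", "00:11:22:aa:bb:11", "10.0.0.11"),
    (5, "gi1/24", "00:11:22:aa:bb:10", "10.0.0.10"),  # reserved MAC, second port
    (6, "gi1/24", "00:11:22:aa:bb:10", "10.0.0.1"),   # same MAC claims gateway IP
    (7, "gi1/30", "de:ad:be:ef:00:01", "10.0.0.50"),  # MAC with no reservation
]


def audit(observations, reservations, window=60):
    """Return (ts, kind, mac, port) alerts for sightings that break the bindings."""
    ip_owner = {ip: mac for mac, ip in reservations.items()}
    last_seen = {}  # mac -> (ts, port) of the previous sighting
    alerts = []
    for ts, port, mac, ip in sorted(observations):
        mac = mac.lower()
        if mac not in reservations:
            alerts.append((ts, "unknown_mac", mac, port))
        elif reservations[mac] != ip:
            # A known MAC answering for an IP reserved to another host is the
            # ARP-poisoning pattern; any other mismatch is a static-IP override.
            kind = "reserved_ip_claimed" if ip in ip_owner else "ip_mismatch"
            alerts.append((ts, kind, mac, port))
        prev = last_seen.get(mac)
        # The same MAC on two ports within the window suggests a cloned address
        # (a laptop moved between ports triggers this too, so tune the window).
        if prev and prev[1] != port and ts - prev[0] <= window:
            alerts.append((ts, "mac_on_two_ports", mac, port))
        last_seen[mac] = (ts, port)
    return alerts


if __name__ == "__main__":
    for alert in audit(OBSERVATIONS, RESERVATIONS):
        print(alert)
```

On managed switches the same MAC/IP/port bindings are what DHCP snooping with dynamic ARP inspection check inline at the access port.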
