Security Basics mailing list archives
RE: DHCP Appliance based on MAC Authentication
From: Paul Farrington <paul.farrington () goldmedal co uk>
Date: Tue, 20 Dec 2005 15:48:14 -0000
I'm not sure what you intend to do with this apparent "MAC authentication". I would presume you're going down the route of "only MACs that you know about can receive a DHCP address", i.e. to protect your LAN from, for instance, a hacker entering your building and plugging their laptop into your LAN. If your DHCP is configured with reservations they of course won't be issued one, as they are an unknown MAC.

HOWEVER, you have a trade-off here of management & functionality versus exploitability. Consider this: you have 1000s of PCs and laptops, you need a central database / spreadsheet to manage all the info, plus the time involved in creating all the reservations, time involved in creating new reservations each time a new PC is bought, AND each time a NIC is replaced in a PC... Then you have the time involved to create Helpdesk processes so that the Helpdesk give you all this information when necessary...

AND FOR WHAT??? Cos you think you've secured your LAN? Until someone walks in and either spoofs their MAC to obtain a DHCP address or, even worse, uses ARP poisoning and a MAC scanner to act as a router between your clients and gateway. It all ends up being a wasted effort.

To me the management isn't worth the effort, especially when it's so easily exploitable and not at all secure.

Regarding the products though, I'm fairly sure that functionality has been available on all DHCP servers from Microsoft since NT4. (Don't quote me on that.)

Ta
Paul Farrington

-----Original Message-----
From: Jhon [mailto:imranfbhatti () gmail com]
Sent: 15 December 2005 02:50
To: mbenedetto () amnh org; security-basics () securityfocus com
Subject: Re: DHCP Appliance based on MAC Authentication

Ok Thanks

I have three products now:
1. Bluecat Adonis 500
2. MetaInfo Appliance
3. Infoblox1000

Does anybody recommend me one appliance based upon his experience?

On 12/15/05, Michael J. Benedetto <mbenedetto () amnh org> wrote:
The Bluecat Adonis has basic MAC Authentication now and a more fully featured version coming soon.

Michael J. Benedetto, CISSP
Associate Director of Information Technology
Network Systems and Information Security
American Museum of Natural History

-----Original Message-----
From: Jhon [mailto:imranfbhatti () gmail com]
Sent: Wednesday, December 14, 2005 1:55 AM
To: security-basics () securityfocus com
Subject: DHCP Appliance based on MAC Authentication

Hi all,

I am new to the list and need some help regarding securing my LAN. I am looking for a DHCP appliance which should be capable of authenticating MAC addresses. I know one product only, MetaIP.

The purpose of using a DHCP appliance is to secure the IP assigning process based on MAC authentication.

Thanks
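Added example, not part of the original thread or any poster's code: a small audit that shows what monitoring for the two bypasses named in the message above (a spoofed MAC and ARP poisoning) looks like next to a DHCP reservation table. It assumes reservations can be exported together with an inventory switch port and that (ip, mac, port) observations can be collected from ARP and switch tables; all addresses, ports and finding names are constructed.

```python
from collections import defaultdict

# Constructed reservation export: MAC -> (reserved IP, inventory switch port)
RESERVATIONS = {
    "00:11:22:aa:bb:01": ("10.0.0.1", "gi0/1"),    # default gateway
    "00:11:22:aa:bb:10": ("10.0.0.10", "gi0/10"),
    "00:11:22:aa:bb:11": ("10.0.0.11", "gi0/11"),
}

# Constructed observations: (ip, mac, switch_port) as seen on the wire
OBSERVED = [
    ("10.0.0.1", "00:11:22:aa:bb:01", "gi0/1"),
    ("10.0.0.10", "00:11:22:aa:bb:10", "gi0/10"),
    ("10.0.0.11", "00:11:22:aa:bb:11", "gi0/24"),  # reserved MAC, other port
    ("10.0.0.1", "00:11:22:aa:bb:10", "gi0/10"),   # host answers for gateway IP
]


def audit(reservations, observed):
    """Return findings as tuples, in the order they are detected."""
    ip_owner = {ip: mac for mac, (ip, _port) in reservations.items()}
    ips_by_mac = defaultdict(set)
    findings = []
    for ip, mac, port in observed:
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        known = reservations.get(mac)
        # A reserved MAC on a port other than its inventory port: possible
        # cloned/spoofed MAC (or a device that was moved without an update).
        if known and port != known[1]:
            findings.append(("mac-on-unexpected-port", mac, port))
        # A reserved IP answered by a different MAC: the binding the
        # reservation promised does not hold on the wire (ARP poisoning sign).
        owner = ip_owner.get(ip)
        if owner and owner != mac:
            findings.append(("ip-mac-binding-mismatch", ip, mac))
    # One MAC answering for several IPs is typical of a host relaying traffic.
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    for finding in audit(RESERVATIONS, OBSERVED):
        print(finding)
```

The reservation table alone raises none of these findings; they only appear once it is compared with what the switches and ARP caches actually see.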
Current thread:
- DHCP Appliance based on MAC Authentication Jhon (Dec 14)
- Re: DHCP Appliance based on MAC Authentication Micheal Espinola Jr (Dec 16)
- RE: DHCP Appliance based on MAC Authentication David Gillett (Dec 16)
- RE: DHCP Appliance based on MAC Authentication Jeroen van Meeuwen (Dec 17)
- Message not available
- Re: DHCP Appliance based on MAC Authentication Jhon (Dec 17)
- RE: DHCP Appliance based on MAC Authentication Michael J. Benedetto (Dec 17)
- Re: DHCP Appliance based on MAC Authentication Jhon (Dec 17)
- <Possible follow-ups>
- RE: DHCP Appliance based on MAC Authentication Conlan Adams (Dec 17)
- Re: DHCP Appliance based on MAC Authentication Jhon (Dec 16)
- RE: DHCP Appliance based on MAC Authentication David A. Theilman (Dec 19)
- RE: DHCP Appliance based on MAC Authentication Huang, John, GCM (Dec 19)
- RE: DHCP Appliance based on MAC Authentication Paul Farrington (Dec 20)
- Re: DHCP Appliance based on MAC Authentication Jhon (Dec 20)
- Applying Group Policies to selective OUs... G.Sivasubramanian (Dec 21)
- Re: Applying Group Policies to selective OUs... Gaddis, Jeremy L. (Dec 26)
- Applying Group Policies to selective OUs... G.Sivasubramanian (Dec 21)
- RE: DHCP Appliance based on MAC Authentication Conlan Adams (Dec 26)