Re: [fw-wiz] MAC blocking

From: Chris Byrd (cbyrd01_at_gmail.com)
Date: 11/29/05


To: Eric Appelboom <eric@mweb.com>
Date: Mon, 28 Nov 2005 17:00:30 -0600

If you are avoiding 802.1x and NAC/NAP due to the cost of replacing
existing switches, you might consider (assuming a largely Microsoft
environment) what Microsoft calls "Domain Isolation" using IPsec:
http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx
http://www.microsoft.com/windowsserver2003/technologies/networking/ipsec/default.mspx
http://blogs.msdn.com/James_Morey/

I'd stay away from any MAC-based solution, as spoofing a MAC address is trivial.

Chris

--
www.riosec.com

On 11/25/05, Eric Appelboom <eric@mweb.com> wrote:
> Hi
>
> I would like to whitelist known MAC addresses on a subnet and block\deny
> any new MACs.
> If a new MAC is seen by the firewall, it should not allow that MAC to pass
> traffic out that segment\vlan.
> A similar concept to MAC address locking on Wi-Fi APs.
>
> It would be great to have this as a feature on a protected segment of a
> firewall.
>
> One could script a diff on files containing arp entries and then arp
> poison the IP associated
> to the new MAC (not the correct way) or spoof or bind the offending MAC
> with ifconfig\macmakeup\SMAC and bind to secondary interface.
>
> Any better ideas?   (no 802.1x NAC\NAP please)
>
> Regards
> Eric
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
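
Added example (not part of the original messages): the ARP-diff idea from the quoted question, kept to detection only. It parses two snapshots in Linux /proc/net/arp format and reports MACs missing from an allowlist, IPs whose MAC changed, and one MAC answering for several IPs. The addresses, the allowlist and the function names are constructed for illustration.

```python
"""Compare /proc/net/arp snapshots against a MAC allowlist (detection only)."""

# Constructed sample data: addresses and allowlist are illustrative.
ALLOWLIST = {"00:16:3e:aa:00:01", "00:16:3e:aa:00:02"}
HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
BASELINE = HEADER + """\
10.0.0.1         0x1         0x2         00:16:3e:aa:00:01     *        eth0
10.0.0.20        0x1         0x2         00:16:3e:aa:00:02     *        eth0
"""
CURRENT = HEADER + """\
10.0.0.1         0x1         0x2         00:16:3e:aa:00:02     *        eth0
10.0.0.20        0x1         0x2         00:16:3e:aa:00:02     *        eth0
10.0.0.31        0x1         0x2         00:16:3E:BB:00:09     *        eth0
10.0.0.40        0x1         0x0         00:00:00:00:00:00     *        eth0
"""
ATF_COM = 0x2  # Linux flag bit: entry is resolved


def parse_arp(text):
    """Return {ip: mac} for resolved entries; skip header and incomplete rows."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6 or not int(fields[2], 16) & ATF_COM:
            continue
        table[fields[0]] = fields[3].lower()
    return table


def review(baseline, current, allowlist):
    """Return sorted (kind, ip, mac) findings for the current snapshot."""
    old, new = parse_arp(baseline), parse_arp(current)
    findings, owners = [], {}
    for ip, mac in new.items():
        owners.setdefault(mac, []).append(ip)
        if mac not in allowlist:
            findings.append(("unknown-mac", ip, mac))   # not on the allowlist
        if old.get(ip, mac) != mac:
            findings.append(("ip-moved", ip, mac))      # IP now answers with another MAC
    for mac, ips in owners.items():
        if len(ips) > 1:                                # one MAC claiming several IPs
            findings.extend(("mac-shared", ip, mac) for ip in ips)
    return sorted(findings)


if __name__ == "__main__":
    for kind, ip, mac in review(BASELINE, CURRENT, ALLOWLIST):
        print(f"{kind:12} {ip:12} {mac}")
```

A host that presents an allowlisted MAC at that MAC's usual IP produces no finding, so this works as a tripwire rather than as access control.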