RE: MAC Authentication device

From: Hasnain Atique (hatique_at_hasnains.com)
Date: 11/20/03

Next message: Jennifer Fountain: "VPN Access for Consultants"

Previous message: Tim Donahue: "RE: Service install without permissions"
In reply to: aladin168: "MAC Authentication device"
Next in thread: InCisT: "Re: MAC Authentication device"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'aladin168'" <aladin168@hotmail.com>, <security-basics@securityfocus.com>
Date: Thu, 20 Nov 2003 08:41:41 +0800

Using MAC-based authentication is essentially flawed, since the MAC can
easily be spoofed in softwre. Consider firewalling your entire network,
and allowing access via a VPN which authenticates your trusted users.
Thus, gaining port access or even an IP address from a DHCP server won't
expose your trusted network.

> -----Original Message-----
> From: aladin168 [mailto:aladin168@hotmail.com]
> Sent: Wednesday, November 19, 2003 5:54 AM
> To: security-basics@securityfocus.com
> Subject: MAC Authentication device
>
>
>
>
> Hi,
>
>
>
> Can anyone recommend a device that will do MAC Address
> Authentication before allowing a user/computer to connect to
> the network. This is different then MAC Address filtering,
> which allow or disallow access to the Internet for the the
> systems that are already on the network.
>
>
>
> I am trying to find a cheap device that will help me control
> non-employees accessing our trusted network.
>
>
>
> Thanks,
>
> /Kyle
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------
>

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Jennifer Fountain: "VPN Access for Consultants"

Previous message: Tim Donahue: "RE: Service install without permissions"
In reply to: aladin168: "MAC Authentication device"
Next in thread: InCisT: "Re: MAC Authentication device"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Secure your DHCP
... We have been cleaning this new client's network for the past ... since they work weekends and are not willing to add the MAC ... Multiple user authentication methods: ... IEEE 802.1X: industry-standard way of user ...
(microsoft.public.windows.server.sbs)
Re: Ask EU - Norton AV 2006
... >>>Authentication and encryption. ... >>>only certain MAC addresses to access it (MAC addresses are unique to ... >>mac addresses are programmable in a large proportion of network cards. ... >>authentication by mac address is no authentication at all: ...
(uk.media.radio.archers)
Re: Give access based on location
... The next question would be how to do authentication from a MAC address? ... >> A user has an account on the Corporate network and his laptop has account ... >> on Corporate network. ...
(microsoft.public.windows.server.networking)
RE: How can I track this down?
... Bear in mind that MAC addresses can be changed so the information may not be correct/match a real NIC. ... Also, while the IEEE block is assigned to ASKEY COMPUTER CORP, given the location of the company they are most likely a hardware supplier for Cisco products and the Cisco string you are seeing is the embedded OS/app running on top of the hardware device. ... it's most likely a misconfigured "extra" on an existing device that is polling the Domain for some authentication. ... If you want to track the device down, check the ARP table entries on your routers with CiscoWorks or whatever network device management method you use internally. ...
(Security-Basics)
TidBITS#794/29-Aug-05
... This week's issue brings a potpourri of Mac news, ... Mark Anbinder looks briefly at Google Talk, ... Adding Tiger's AirPort Preferred Network List ...
(comp.sys.mac.digest)