Re: Wired security improvements



On Jan 2, 2008 5:49 PM, Jesse Rink <jesse-rink@xxxxxxxxx> wrote:
> Hello all.
>
> I was hoping for some feedback on some improvements I'm hoping to make at a
> couple of clients as it relates to their wired network.
>
> A bit of a background...

<snip>

> The following 5 methods are, as far as I see it, the potential options I
> have:
>
> 1. Lockdown switchports by individual MAC addresses

Netdisco can help with this, somewhat. So can RANCID, if you have
Cisco equipment.

> 2. Implementing IPSec
> 3. 802.1x on the Wired network
> 4. A NAC device (HP, Cisco, etc.)

There are some open source NAC implementations. See FreeNAC, Netreg,
and Ungoliant.

> 5. MAC Authentication via RADIUS

Doesn't necessarily require MS IAS - FreeRADIUS and other OSS
implementations can do a lot of heavy lifting for you, if coupled with
LDAP.

Nice spread***, though.

Kurt
