Then the attacker will succeed in getting network access.
MAC-based security will prevent casual compromise. For a determined
physical attacker, you need something like 802.1x.
On Fri, 2005-01-21 at 20:38 -0600, Miroslaw Slawek Chorazy wrote:
> What if user manually alters the NIC and changes his/her NIC address to
> that which was registered to and unplugged from the physical port?
>
> >>> "Bauer, Henry" <Henry.Bauer (at) lendingtree (dot) com [email concealed]> 1/21/2005 09:43 >>>
> A more comprehensive way to accomplish the same thing is ethernet MAC
> locking your switch. Ciscos, at least, can be told to learn one MAC,
> then if anything else is plugged in, it disables the port. You don't
> have to configure each MAC. Manually disable any unused port.
MAC-based security will prevent casual compromise. For a determined
physical attacker, you need something like 802.1x.
On Fri, 2005-01-21 at 20:38 -0600, Miroslaw Slawek Chorazy wrote:
> What if user manually alters the NIC and changes his/her NIC address to
> that which was registered to and unplugged from the physical port?
>
> >>> "Bauer, Henry" <Henry.Bauer (at) lendingtree (dot) com [email concealed]> 1/21/2005 09:43 >>>
> A more comprehensive way to accomplish the same thing is ethernet MAC
> locking your switch. Ciscos, at least, can be told to learn one MAC,
> then if anything else is plugged in, it disables the port. You don't
> have to configure each MAC. Manually disable any unused port.
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]