doc question on private network IP allocation
Reindl Harald
h.reindl at thelounge.net
Mon Oct 17 08:32:55 UTC 2011
Am 17.10.2011 10:22, schrieb Tim:
> Tim:
>>> Well, in the case of MAC filtering, it's nothing to do with
>>> "security." It's merely closing an unlocked door in someone's face.
>
> Alan Cox
>> No.. security is not a boolean. MAC filtering is very useful for
>> stopping inadvertent plugging in of the wrong system. It helps prevent
>> accidents and unsafe systems bridging networks or ending up on the
>> 'wrong side of the fence' where you have secure and insecure networks.
>>
>> It's not a tool to prevent deliberate attack by users, and its not
>> 100% effective against a very careful attacker but tht doesn't make it
>> nothing to do with security.
>
> I'd say the fact that it *cannot* be used to "secure" a system, means
> that it does have nothing to do with security. There is no way, shape,
> or form, that you can enforce security using MAC filtering
your understanding of security is simply broken
security is always a bundle of preventions and not a single thing
MAC filter is not thought as the only security layer
it is an additional one in a multiple secured network
it prevents 90% of all users out there to connect and if you
get only one of them in your network with malicious software
on it this one can not send spam over his zombies
all the little pieces and optimizations in summary give you
security, not any single configuration alone
if you have 5 easy to break security barriers in front you make it
real hard for most people without enough knowledge of all these
barrieres to break them all - nobody said these are the only
preventions - these are ADDITIONAL ONES
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20111017/4dfde48e/attachment.bin
More information about the users
mailing list