doc question on private network IP allocation
Craig White
craigwhite at azapple.com
Sat Oct 15 19:48:05 UTC 2011
On Sat, 2011-10-15 at 09:02 -0700, Paul Allen Newell wrote:
> On 10/15/2011 08:14 AM, Greg Woods wrote:
> > On Sat, 2011-10-15 at 21:41 +1030, Tim wrote:
> >
> >> MAC filtering is utterly pointless.
> > We use it on *wired* networks, primarily to prevent visitors whose
> > laptops have not been properly vetted (and may be crawling with malware)
> > from connecting to our internal network. It is not expected to keep out
> > serious bad guys. Like most security measures, the effectiveness is
> > measured against what you are trying to accomplish, not against whether
> > it succeeds in giving you unbreakable security.
> >
> > --Greg
> >
>
> Greg:
>
> Awhile back I looked around to see if I could find any information about
> whether MAC address filtering could be set up for wired on a "home
> router" (as in Linksys or Netgear). I didn't see anything and assumed
> that it was only for wireless.
>
> In your usage, is it through the router(s) that you enforce wired MAC
> access?
>
> Not certain if I want to deal with it on a home network, but I am curious
----
sure - buy a layer 3 managed switch (an unlikely candidate for home implementations)
I think the concept of MAC address filtering is OK but as a single
security mechanism, fairly pointless as Tim has suggested. Since the
process of changing the MAC address on most hardware is trivial, you
really should be looking elsewhere and in terms of wireless, that is
likely going to be WPA w/ AES encrypted pre-shared keys (often called
WPA2) and beyond that, nothing is likely to improve security and more
than likely just a handicap to the authorized users.
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the users
mailing list