doc question on private network IP allocation
Shane Dawalt
sdawalt at donet.com
Tue Oct 18 22:09:12 UTC 2011
On 10/18/2011 08:42 AM, Tim wrote:
> On Mon, 2011-10-17 at 10:32 +0200, Reindl Harald wrote:
>> your understanding of security is simply broken
> No, yours is, if you believe that something that has no ability to
> provide any security, can actually do so.
>
> It's been a MYTH for quite some time that MAC filtering protects your
> network. It doesn't, it cannot. It's up there with the foolish beliefs
> about hiding SSIDs.
>
> Passwords are part of security.
> Encryption is part of security.
> MAC filtering is merely network management.
>
> Security is about enforcement. MAC filtering has no enforcement
> ability.
>
I hope you recognize the irony of your reply. Passwords can be
brute-force attacked and/or sniffed. Encryption can be broken (some
more so than others of course). You've relegated MAC filtering to the
abyss for being hackable. But as with MAC filtering, given the proper
conditions and/or skill sets, the other options can be equally ineffective.
I won't belabor why MAC filtering is reasonable - it's been addressed
several times by others, but I would ask this: would it surprise you to
learn that a good many enterprise-level network manufacturers have best
practices that employ MAC filtering (in combination with other features)
as a method for securing enterprise-level networks against unwanted entry?
Shane
More information about the users
mailing list