Securing your network to specific machines
Sun Dec 19 15:11:08 2004It's possible to lock down a network from use by rogue machines (a laptop brought in from outside, for example), but it isn't easy. See these links for passing and blocking packets by MAC address:
Bug in Linux 2.4 and IPTables MAC Match Module
Iptables MAC Address Filtering
But.. keep in mind that someone can spoof MAC addresses also. Some switches can "lock" a MAC address to a specific port, so if you have one of those, use the iptables stuff from the links above to pass only the addresses you already know. If you then can keep your all your offices and the switch under lock and key.. you might stop all but the most determined wanderers.
If you need to get more sophisticated (some machines have more access than others), combine this with DHCP that assigns specific IP addresses to specific MAC addresses. As long as you have that blocking switch, and no physical access to its ports, you can then be reasonably sure that a particular IP address really came from the machine you expected it to - or somebody drilled holes in your walls or otherwise physically compromised your network.
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
-> -> Securing your network to specific machines
Increase ad revenue 50-250% with Ezoic
Inexpensive and informative Apple related e-books:
iOS 10: A Take Control Crash Course
Photos: A Take Control Crash Course
Take Control of Security for Mac Users
Take control of Apple TV, Second Edition
Take Control of iCloud
More Articles by Tony Lawrence
Find me on Google+
© 2012-06-17 Tony Lawrence
Printer Friendly Version
Securing your network to specific machines Copyright © December 2004 Tony Lawrence
Have you tried Searching this site?
Support RatesThis is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.
Contact us
Printer Friendly Version