Re: Ask EU - Norton AV 2006

While spitting out some home-made cheese, I heard theoule
<theoule2003@xxxxxxxxx> say

>On 14 Nov 2005 21:04:57 GMT, rf@xxxxxxxxxxxx (Robin Fairbairns) wrote:
>
>> stephenbowden@xxxxxxxxx (Stephen) writes:
>>>Authentication and encryption. You can set up your network to allow
>>>only certain MAC addresses to access it (MAC addresses are unique to
>>>the computer, at least until all 281 trillion of them have been used),
>>>or you can use some form of password-based authentication and you can
>>>encrypt it in various ways to prevent any eavesdropping. The Netgear
>>>DG834g is said to make this as easy as falling off a bicycle.
>>
>>mac addresses are programmable in a large proportion of network cards.
>>this used to be an absolute requirement, in the days when decnet was
>>king[*], since decnet assumed that the decnet address (its equivalent
>>of ip address) formed the low 16 bits of the mac address[**].
>>
>>authentication by mac address is no authentication at all: you might
>>as well not bother.
>>
>>[*] or prince, or something
>>[**] amazing, now, that someone might define a network architecture
>>limited to 65535[***] host computers...
>>[***] i think it was: perhaps even fewer
>
>Um.... Does this mean I really should not bother? I use
>authentication and encryption. What else should I be doing?
>
Whilst I hesitate to differ from some of the techies who have already
contributed to this thread, I think that "you might as well not
bother" is putting it a tad too strongly.

It is true that an attacker could reprogram a network card so that his
computer appeared to be one of those you've designated as being
internal to your network - but only if he knew what value to program
in. In other words, he would need some fairly detailed prior
knowledge of your network setup before he could construct his attack.
So, IMO, MAC authentication will give you a degree of protection. It
will keep out hackers who have no prior knowledge of your network.

Having said that, the rule in computer security is always "trust not
to technical defences". Mac authentication, virus-checkers,
firewalls, encryption etc all have their part to play in defending the
system - but all of them can be defeated, if the attacker is skilled
and has a bit of luck.

So, in your situation, I would switch on MAC authentication and
encryption. But I wouldn't fool myself that I'd made my network 100%
secure.

Sorry - this probably hasn't helped you too much, has it?

Tony Gardner
N.B. Return E-mail address is spamtrapped.
Replace "spambin" with "tony" and "nospam" with "gardner"
.

Relevant Pages

  • Re: Secure your DHCP
    ... We have been cleaning this new client's network for the past ... since they work weekends and are not willing to add the MAC ... Multiple user authentication methods: ... IEEE 802.1X: industry-standard way of user ...
    (microsoft.public.windows.server.sbs)
  • RE: ARP Poisoning
    ... Encryption is the best way to go to ... around a network in one form or another. ... Ettercap has a flag that will detect arp poisoning on the network as ... done is set this up to test my network at MAC level only. ...
    (Security-Basics)
  • Re: CBC questions
    ... Terry Ritter wrote: ... solution to message modification attacks is to use a MAC ... >without any authentication at all. ... encryption without a MAC, ...
    (sci.crypt)
  • Re: MAC and SSL
    ... Authenication Codes (MAC) are used for integrity and authentication. ... Then I see that MAC algorithms are used with SSL. ... encryption algorithm and for the MAC. ...
    (sci.crypt)
  • Re: Give access based on location
    ... The next question would be how to do authentication from a MAC address? ... >> A user has an account on the Corporate network and his laptop has account ... >> on Corporate network. ...
    (microsoft.public.windows.server.networking)
Loading