
Ethernet Switching and MAC address filtering

Discussion in 'Business & Enterprise Computing' started by Nyarghnia, Aug 5, 2010.

  1. Nyarghnia

    Nyarghnia (Taking a Break)

    Joined:
    Aug 5, 2008
    Messages:
    1,274
    Are there many switches on the market which support MAC address filtering?

    I know that there are Wi-Fi routers that support this but I will now be investigating implementing MAC address filtering on my network (I already have VLANs in place), my main concern is that if someone plugs a machine into an Ethernet port that is within the 'trusted' VLAN.

    Paranoid? Perhaps, but then again, the security audit group want me to put retina scanners on doors...

    I've tried to see if any ProCurve gear supports this but am not sure where to look, anyone got any ideas?

    -NyarghNia
     
  2. bsbozzy

    bsbozzy Member

    Joined:
    Nov 11, 2003
    Messages:
    3,925
    Location:
    Sydney
    Cisco do, implemented it recently.
     
  3. Bangers

    Bangers Member

    Joined:
    Dec 25, 2001
    Messages:
    7,254
    Location:
    Silicon Valley
    These threads get more entertaining every day. Enable port security, shutdown unused ports, enable SSH management and use complex passwords. Then (and this is probably the most complex part) find a real problem to solve.
     
  4. Rass

    Rass Member

    Joined:
    Jun 27, 2001
    Messages:
    3,177
    Location:
    Brizbekistan
    802.1x ?

    AutoSmartPorts with mac address lists?
     
  5. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,677
    You Win 1 internet, as soon as I have the Internet Audit Audit Group assign it to you.

    Can you please tell us a bit more detail about which sector of 'finance' you work in Nyarghnia.

    You throw around things like retinal door scanners, and then complain that you don't have budget to scratch your own arse.
     
  6. Jimoin

    Jimoin Member

    Joined:
    Jul 26, 2002
    Messages:
    581
    Location:
    Melbourne
    His threads are almost like a form of trolling I swear.
     
  7. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    46,335
    Location:
    Brisbane
    Aaaaand thread complete.

    Good night everybody!
     
  8. GiantGuineaPig

    GiantGuineaPig Member

    Joined:
    Oct 23, 2006
    Messages:
    4,027
    Location:
    Adelaide
    Maybe you should do what you've said you'd do, instead of doing something half-baked:

    http://forums.overclockers.com.au/showpost.php?p=12146327&postcount=12

     
  9. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,396
    Location:
    Canberra
    step 1: accept findings of security audit group
    step 2: call IAC to review the report independently
    step 3: take report to management, including updated information and thorough RA.
    step 4: demand that the business produce necessary funding for security upgrades or own the risk.
    step 5: retire.
     
  10. OP
    OP
    Nyarghnia

    Nyarghnia (Taking a Break)

    Joined:
    Aug 5, 2008
    Messages:
    1,274
    Umm, why am I copping flames for asking about this? It was a really simple question...

    I've already spoken to our re-seller about this topic and am meeting with them next week, I just wanted to know what other people's experience with this sort of thing was.

    Shit... if you guys would prefer I could just go away and not annoy you with questions which you obviously deem to be too stupid for this forum.

    -NyarghNia
     
  11. Jimoin

    Jimoin Member

    Joined:
    Jul 26, 2002
    Messages:
    581
    Location:
    Melbourne
    The questions themselves aren't stupid necessarily, it's just that the bullshit to question ratio is way too high.

    Nearly every post from you is more of a complaint about your environment/company than it is a question.

    You are burdened supporting Windows because you're not a Windows admin and do it on the side.
    You are burdened supporting Exchange because you're not an Exchange admin and do it on the side.
    You are afraid of Linux because supposedly no one supports it.
    You are burdened by virtualisation because you don't know much about it and have legacy systems.
    You struggle with finding an appropriate storage solution.

    Now you are asking Networking questions that any network admin would know answers to.

    You do a lot of complaining about the company (management, budget, blah blah), I dunno exactly what your area of expertise is (is it these old UNIX systems?) but either the company you work for is totally doing things wrong and you need to leave, or you just don't know much and shouldn't be complaining so often.
     
  12. GiantGuineaPig

    GiantGuineaPig Member

    Joined:
    Oct 23, 2006
    Messages:
    4,027
    Location:
    Adelaide
    Personally I wasn't flaming, the quote of yours I provided is a good answer to your own question, in your environment and situation. If you're asking basic questions like this, then leave it to the subject matter experts.

    But I also agree that you should focus on improving and fixing things, rather than using each opportunity as a whingefest for how terrible your situation is. Almost everyone here has been in bad or worse situations than you.
     
  13. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,808
    Location:
    Brisbane
    I'd be more concerned that people have the ability to bring in a PC and then plug it into your network :Paranoid:
     
  14. narkotix

    narkotix Member

    Joined:
    Oct 8, 2003
    Messages:
    518

    damn straight!
     
  15. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,677
    To prevent unauthorised use of network ports, only have connected ports patched, and then superglue the Ethernet cables in at both ends... you might want to use longer cables for laptop users though... in case they want to take their laptop home at night.

    But this wouldn't stop the persistent hacker, as he will no doubt be carrying a crimper, and some cable ends to thwart my plan, so you need to run 240v in a sheath around the shielded Ethernet cables, so that when the nasty hacker (who has stolen your CEO's eyeballs to get into the building) goes to cut the cable, he gets electrocuted and dies.
     
  16. mrpats

    mrpats Member

    Joined:
    Dec 18, 2002
    Messages:
    420
    MAC address filtering is painful to constantly administer, and how/who are/is going to do the initial bulk update of your current machines whilst making sure there aren't any rogue PCs?

    On top of that it's piss easy to circumvent. You can do it in the properties of the adapter in Windows in about 10 seconds.

    Ideally, get a NAC solution and implement network tiering.
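
The initial bulk inventory and rogue-PC check raised in the post above, as an added example that is not part of the original thread: it parses a constructed MAC table dump (Cisco-style column layout assumed) and compares it with a hypothetical inventory mapping each authorised MAC to its expected port.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of a Cisco-style
# "show mac address-table" dump (VLAN, MAC, type, port).
SAMPLE_TABLE = """\
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  10    dead.beef.0001    DYNAMIC     Gi1/0/3
  10    0011.2233.4477    DYNAMIC     Gi1/0/4
  10    0011.2233.4488    DYNAMIC     Gi1/0/4
  20    0011.2233.4455    DYNAMIC     Gi1/0/7
"""

# Hypothetical inventory: authorised MAC -> port it is expected on.
INVENTORY = {
    "001122334455": "Gi1/0/1",
    "001122334466": "Gi1/0/2",
    "001122334477": "Gi1/0/4",
    "001122334488": "Gi1/0/5",
}

ROW = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f.:-]{12,17})\s+(\w+)\s+(\S+)\s*$")

def normalise(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit(table_text, inventory):
    """Return findings as a dict of lists, keyed by finding type."""
    seen = defaultdict(set)          # port -> MACs learned on it
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m:
            seen[m.group(4)].add(normalise(m.group(2)))
    findings = {"unknown": [], "wrong_port": [], "multi_mac": []}
    for port in sorted(seen):
        macs = sorted(seen[port])
        if len(macs) > 1:            # more than one device behind a port
            findings["multi_mac"].append((port, macs))
        for mac in macs:
            if mac not in inventory:
                findings["unknown"].append((port, mac))
            elif inventory[mac] != port:
                findings["wrong_port"].append((port, mac, inventory[mac]))
    return findings
```

A plain allowlist lookup accepts the entry on Gi1/0/7 because the address is authorised; only the binding of address to port flags it, which is the limitation of MAC filtering the thread points out.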
     
  17. Whisper

    Whisper Member

    Joined:
    Jun 27, 2001
    Messages:
    8,297
    Location:
    Sydney
    ROFL

    Jimoin a member since July 2002 with a huge 219 odd posts to his name comes and lays the smack down.

    Nyarghnia, take the hint that even the lurkers are beginning to see the pattern and are getting sick of it.

    I've made this comment before, the forums are here to help people, but they shouldn't be used by people so they are able to function adequately in their paid position.

    If you don't know what you are doing, get somebody in that does, or learn how to do it properly yourself, as that is how the majority of the people actually answering questions in this forum came to be able to provide useful responses to forum threads like these, lest The Enterprise Networking & Computing Goon Squad.... comes looking for you.
     
    Last edited: Aug 7, 2010
  18. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,677
    Can someone with the rights please be adding this to the guidelines sticky thread.
     
  19. FiShy

    FiShy Member

    Joined:
    Aug 15, 2001
    Messages:
    9,682
    We need that printed.

    I didn't get an invite :( I am the foremost expert on the WB range.
     
  20. GiantGuineaPig

    GiantGuineaPig Member

    Joined:
    Oct 23, 2006
    Messages:
    4,027
    Location:
    Adelaide
    Ooh yeah, you reminded me of my old thread about that :) http://forums.overclockers.com.au/showthread.php?t=837650

    Nyarghnia you really need to hire someone who has a clue to help you with the technical side of IT. All your questions and ideas are not questions an experienced IT person would ask, because they just wouldn't do them that way.

    MAC address filtering, which can be so easily spoofed, is like putting a sign on your door saying "do not enter" but leaving the door unlocked, except you've got 100s of doors that you need to put each sign on yourself.
     
