[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Mac Address Filter
> What you are doing is almost certainly wrong. If you insist on
> thinking that MAC address filtering buys you any security whatsoever,
> use brconfig(8).
>
> If you REALLY want to secure your wireless gateway, use authpf(8)
A primary tenant on INFOSEC is "security in depth"
To say that using MAC address blocking is wrong because some people can
overcome it -- and it is therefore useless -- Is wrong. It MAY be a
valid piece in the overall defense. This would be like saying that
because RFC 2827 and 1918 are not perfect defenses on spoofing and DoS
that we should just ignore them. To suggest that someone use Tool A and
not use Tool B is not right. Using both is sometimes better.
Sometimes in our attempts for 100% security (which we have all but
agreed as a profession does not exist) we toss away tools that add to
the layered defense.
Always practice security in depth.
BTW: Your suggestions on other choices to improve the security are
decent ones -- that is not my point.
eidetic
--
Chet Uber, eidetic@mindspring.com, PGP
B8DE8D3F
Senior Advisor, SecurityPosture
http://www.securityposture.com
7660 Dodge Street, Suite D - Omaha, NE 68114
vox +1 402.498.2673 fax +1 402.391.3906 cell +1 402.813.7879 *NEW
NUMBER*
--------------------------------------------------------------------------
If you are not the intended recipient be advised that you have received
this email in error and any use, dissemination, forwarding, printing or
copying of it is strictly prohibited. It is the responsibility of the
addressee to scan this mail and any attachments for computer viruses or
other defects. The sender does not accept liability for any loss or
damage
of any nature, however caused, which may result directly or indirectly
from this email or any file attached.
--------------------------------------------------------------------------
"Security First, Security Always!" (c) 2001-2002 All Rights Reserved.