[KLUG Members] Routing after validating IP address

Komal agencies_ad1 at sancharnet.in
Wed Nov 23 06:58:40 EST 2005


> The short answer is "you don't use IP addresses for security".  It's far
> too easy to change or spoof an IP address.  You're going to have to try
> something else.  Have these elevated privileges only available through
> an authenticating proxy server.  Or put these machines on a separate
> network segment (or VLAN?), and lock the wiring closet so nobody moves
> the wires.  It might even be possible to set up smart card
> authentication so that nobody gets the elevated privileges unless they
> have the card, depending on exactly what paranoia level you're after.


Hi

iptables has a MAC matching option. This is trivial to defeat though.
I think I would need to control this on your switches (802.1x + RADIUS), or
simple static ARP tables on the switch.

Regards,

Komal


