fedora-users October 2011 archive
Main Archive Page > Month Archives  > fedora-users archives
fedora-users: Re: doc question on private network IP allocation

Re: doc question on private network IP allocation

From: Alan Cox <alan_at_nospam>
Date: Sun Oct 16 2011 - 15:10:24 GMT
To: Community support for Fedora users <users@lists.fedoraproject.org>

> Well, in the case of MAC filtering, it's nothing to do with "security."
> It's merely closing an unlocked door in someone's face.

No.. security is not a boolean. MAC filtering is very useful for stopping
inadvertent plugging in of the wrong system. It helps prevent accidents
and unsafe systems bridging networks or ending up on the 'wrong side of
the fence' where you have secure and insecure networks.

It's not a tool to prevent deliberate attack by users, and its not 100%
effective against a very careful attacker but tht doesn't make it nothing
to do with security.

> to even attempt it, not filtering on a central server. A computer can
> still spew forth stuff onto a network its plugged into, even if it's not
> really joining in your network (in the sense of your server accepting
> it).

If you have physical access to a LAN port you can wire it to the mains
electricity supply. It all depends on your threat model and what you
entire in depth security arrangements are.

Alan
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines