fedora-users October 2011 archive
Main Archive Page > Month Archives  > fedora-users archives
fedora-users: Re: doc question on private network IP allocation

Re: doc question on private network IP allocation

From: Tim <ignored_mailbox_at_nospam>
Date: Mon Oct 17 2011 - 08:22:58 GMT
To: Community support for Fedora users <users@lists.fedoraproject.org>

Tim:
>> Well, in the case of MAC filtering, it's nothing to do with
>> "security." It's merely closing an unlocked door in someone's face.

Alan Cox
> No.. security is not a boolean. MAC filtering is very useful for
> stopping inadvertent plugging in of the wrong system. It helps prevent
> accidents and unsafe systems bridging networks or ending up on the
> 'wrong side of the fence' where you have secure and insecure networks.
>
> It's not a tool to prevent deliberate attack by users, and its not
> 100% effective against a very careful attacker but tht doesn't make it
> nothing to do with security.

I'd say the fact that it *cannot* be used to "secure" a system, means
that it does have nothing to do with security. There is no way, shape,
or form, that you can enforce security using MAC filtering.

Yes, it can be useful in basic network management, but that's not
security. I stand by my analogy, that's all the effect it has.

Turning the power off to the VDU may make it harder for me to mess up
your computer, but it's *not* securing it. There's a whole pile of
things that may be small obstacles, but none of them are security.

-- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines