問一個Network保安問題

LAN, 大家通常都會開Server DHCP

如果外人插部notebook, 咁佢咪拎到 ip? sniff 都得?

用DHCP Mac Address Assign? 佢自己撞IP都入到
VLAN 都防唔到MAC Address 改wor

咁大家點樣protect?

firewall 檔 ip range

TOP

回覆 1# 的帖子

If you really want wire security, you can use a managed switch.  Most of them support RADIUS/CHAP authentication of MAC address before a connection is allowed in the switch.  So, even the 'intruding' notebook can fake a MAC address, the guy still needs the RAIDUS password to make the connection.

My 2 cents.

Stephen Wong @ Hong Kong

TOP

This solution, we need the establish RADIUS server?

Thank You

TOP

Sure, there is no free lunch!  From the router / switch, it can only see your MAC address, but you're afraid that someone can fake a MAC address, what can you do?  So, you use a method to 'authenticate' the MAC address with another 'token' to prove that the equipment using that MAC address is a genuine one.  That's it.

Stephen Wong @ Hong Kong

TOP

Thank You

TOP