Unauthorized Devices on Network

[gregmcc]

What about MAC address whitelisting?
All devices which have not been whitelisted in MAC config (which most routers support) will not be able to access the network.

Not really effective in stopping someone from getting access. MAC spoofing gets around this easily.

 

[Nod]

openNAC site - home

Virtual appliance factory

www.opennac.org

PacketFence - Network Access Control by Akamai

Enterprise NAC for network security, device compliance, and guest access. Cloud or self-hosted. Trusted by organizations worldwide.

www.packetfence.org

 

[|tera|]

Not really effective in stopping someone from getting access. MAC spoofing gets around this easily.

I don't get this though. A guy plugging in a laptop in a boardroom won't attempt to spoof a MAC address. Why take the Nuke option?
Edit: response below answered the question.

 

[WalkWithMe]

I don't get this though. A guy plugging in a laptop in a boardroom won't attempt to spoof a MAC address. Why take the Nuke option?

If you trying to stop someone just plugging in, then sure, static IPS etc
If you trying to stop an attack vector, then static IP's just slow me down, I can use a script to cycle through IP blocks and find things pretty quickly. Mac address spoofing - again easy attack vector. Arp tables are wonderful...

if you want to protect then NAC is the way to go to get into a privileged VLAN else get put on never never vlan or some basic guest vlan.

 

[|tera|]

openNAC site - home

Virtual appliance factory

www.opennac.org

PacketFence - Network Access Control by Akamai

Enterprise NAC for network security, device compliance, and guest access. Cloud or self-hosted. Trusted by organizations worldwide.

www.packetfence.org

Network Access Control seems to be a winner. Do you need a Unix based Server, or does it run on Windows? (the links you posted).

Thanks for the info.

 

[gregmcc]

I don't get this though. A guy plugging in a laptop in a boardroom won't attempt to spoof a MAC address. Why take the Nuke option?

Most attacks come from inside the network. Disgruntled employees, someone about to get fired. What's the physical security like? In most cases getting access to the building is fairly easy via social engineering / tail gating. If you have badges to open doors would you hold the door open if there was a hot blonde behind you? When last did you see someone you didn't recognise and ask who they are and what they are doing. Difficult in larger companies as not everyone knows everyone else.

 

[|tera|]

Most attacks come from inside the network. Disgruntled employees, someone about to get fired. What's the physical security like? In most cases getting access to the building is fairly easy via social engineering / tail gating. If you have badges to open doors would you hold the door open if there was a hot blonde behind you? When last did you see someone you didn't recognise and ask who they are and what they are doing.

Cool. Thanks for the explanation. Regarding the hot blonde. Depends though. If she's there as a diversion, I'll use my spidey sense

 

[Nod]

Network Access Control seems to be a winner. Do you need a Unix based Server, or does it run on Windows? (the links you posted).

Thanks for the info.

OpenNAC comes in the form of VM, source or Redhat packages
Packetfence is Redhat and Debian (Ubuntu) packages

 

[|tera|]

OpenNAC comes in the form of VM, source or Redhat packages
Packetfence is Redhat and Debian (Ubuntu) packages

Thanks. Will give the VM a shot sometime.