On Tue, 2011-09-20 at 03:49 +0200, Stefan Held wrote:
> On Monday, 19.09.2011 at 18:11 -0700, Craig White wrote:
> > I'm sitting here and laughing at the stupidity of this suggestion.
>
> Well, erm. Sure.
>
> > Considering that one of the primary elements of security is IP
> > Addresses, you are leaving the determination of this security to the
> > whim of some moron who plugs in a wireless router or worse yet, someone
> > with intent to assume control over your network and made it as simple as
> > setting up a DHCP server - something you can easily do on a Windows
> > workstation.
>
> In case you need it, I can provide you with a script that scans for DHCP
> servers whose MAC addresses are not known and deactivates the switch port
> on which the MAC address of this device is found. ....
>
> Should I continue? Please don't tell me this is idiotic, I know what can
> happen and what to do if this happens.
>
> You can set up a DHCP server on a Windows workstation? What version
> would that be? ;)
----
I probably should have just kept my mouth shut and would have except
that you are actually advancing your theories on network design on
others who are not knowledgeable.

If you feel that adding a layer of shell script parsing and then
manipulating a managed switch somehow secures a network schema that is
insecure at its foundation is a reasonable implementation then we
obviously disagree on the most basic level and any further discussion is
rather pointless.
----
>
> > If you actually have enough servers that it becomes a chore to maintain
> > their network configuration because you are incapable of any reasonable
> > long term planning of private IP LAN space where there are hardly any
> > limitations, you should be using puppet or chef or cfengine or something
> > that is capable of doing configuration management for a wide range of
> > networked systems.
> >
>
> Sure, Company gets bought, you have to migrate your network into a wider
> range of other networks, cause of VPN Routings. You have never been in
> such a situation?
>
> Now please tell me how to plan this?
----
I think what we are talking about takes 30 seconds with vi/emacs (edit
the network interface). Maybe you will do this once in the lifetime of a
server. If there are enough servers to suggest that this is beyond a
simple task, you should be using a comprehensive configuration
management system such as puppet.

Your entire premise is absurd at its core.

Craig