On Sat, 2011-10-15 at 09:02 -0700, Paul Allen Newell wrote: > On 10/15/2011 08:14 AM, Greg Woods wrote: > > On Sat, 2011-10-15 at 21:41 +1030, Tim wrote: > > > >> MAC filtering is utterly pointless. > > We use it on *wired* networks, primarily to prevent visitors whose > > laptops have not been properly vetted (and may be crawling with malware) > > from connecting to our internal network. It is not expected to keep out > > serious bad guys. Like most security measures, the effectiveness is > > measured against what you are trying to accomplish, not against whether > > it succeeds in giving you unbreakable security. > > > > --Greg > > > > Greg: > > Awhile back I looked around to see if I could find any information about > whether MAC address filtering could be set up for wired on a "home > router" (as in Linksys or Netgear). I didn't see anything and assumed > that it was only for wireless. > > In your usage, is it through the router(s) that you enforce wired MAC > access? > > Not certain if I want to deal with it on a home network, but I am curious ---- sure - buy a layer 3 managed switch (an unlikely candidate for home implementations) I think the concept of MAC address filtering is OK but as a single security mechanism, fairly pointless as Tim has suggested. Since the process of changing the MAC address on most hardware is trivial, you really should be looking elsewhere and in terms of wireless, that is likely going to be WPA w/ AES encrypted pre-shared keys (often called WPA2) and beyond that, nothing is likely to improve security and more than likely just a handicap to the authorized users. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
