Tim: >> Well, in the case of MAC filtering, it's nothing to do with >> "security." It's merely closing an unlocked door in someone's face. Alan Cox > No.. security is not a boolean. MAC filtering is very useful for > stopping inadvertent plugging in of the wrong system. It helps prevent > accidents and unsafe systems bridging networks or ending up on the > 'wrong side of the fence' where you have secure and insecure networks. > > It's not a tool to prevent deliberate attack by users, and its not > 100% effective against a very careful attacker but tht doesn't make it > nothing to do with security. I'd say the fact that it *cannot* be used to "secure" a system, means that it does have nothing to do with security. There is no way, shape, or form, that you can enforce security using MAC filtering. Yes, it can be useful in basic network management, but that's not security. I stand by my analogy, that's all the effect it has. Turning the power off to the VDU may make it harder for me to mess up your computer, but it's *not* securing it. There's a whole pile of things that may be small obstacles, but none of them are security. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
