This is just wrong: MS security chief becomes DHS cybersecurity boss

D

Dustin Cook

Sure I would, you're the idiot that claims that Windows is not secure.

I know home users that have run for years without AV software and with
nothing more than a simple NAT router and their machines were clean of
all detectable malware when check.

So, which way do you want it - either Windows is the problem or the
people, like you, are the problem. I'm going with PEOPLE like you are
the problem.
Click to expand...


Uneducated users for whatever reson, are the problem. Proper policies and
security in place, accidents most likely won't happen until hardware
failure occurs.
 
C

Char Jackson

From: "Dustin Cook" <[email protected]>




| Mine wouldn't. :) MAC filtering rules are in place. hehehehe.


Yeah, we have MAC filtering in place too.

PITA when I have to have a notebook motherboard replaced. Then I have to supply the MAC
and Machine name to the central IT group.
Click to expand...

MAC filtering? Is that an inside joke? :)
 
J

jen

Char Jackson said:
MAC filtering? Is that an inside joke? :)
Click to expand...

MAC filtering:
From Wikipedia, the free encyclopedia
In computer networking, MAC Filtering (or EUI filtering, or layer 2
address filtering) refers to a security access control methodology
whereby the 48-bit address assigned to each network card is used to
determine access to the network.
MAC addresses are uniquely assigned to each card, so using MAC filtering
on a network permits and denies network access to specific devices
through the use of blacklists and whitelists. While the restriction of
network access through the use of lists is straightforward, an
individual person is not identified by a MAC address, rather a device
only, so an authorized person will need to have a whitelist entry for
each device that he or she would use to access the network.

-jen
 
L

Leythos

MAC addresses are uniquely assigned to each card, so using MAC filtering
on a network permits and denies network access to specific devices
through the use of blacklists and whitelists. While the restriction of
network access through the use of lists is straightforward, an
individual person is not identified by a MAC address, rather a device
only, so an authorized person will need to have a whitelist entry for
each device that he or she would use to access the network.
Click to expand...

While MAC addresses are uniquely "Assigned" many devices permit the user
to change the MAC address.
 
D

Dustin Cook

While MAC addresses are uniquely "Assigned" many devices permit the
user to change the MAC address.
Click to expand...

Yes, but you don't know the allowed MAC addresses programmed into the
router. You'd need to know that and several other things before you'd have
any access of any sort. :)
 
C

Char Jackson

Yes, but you don't know the allowed MAC addresses programmed into the
router. You'd need to know that and several other things before you'd have
any access of any sort. :)
Click to expand...

It's generally trivial to sniff traffic on a network segment (wired if
you have physical access, or better yet wireless if available) to see
which MAC addresses are allowed. When an allowed MAC goes quiet, clone
it and you're in. Easy, peasy.

In security circles, I thought it was widely known and accepted that
MAC address filtering only provides a false sense of security. It
tends to be more inconvenient for the legitimate user than to the
rogue visitor since it's so easily bypassed.
 
D

Dustin Cook

It's generally trivial to sniff traffic on a network segment (wired if
you have physical access, or better yet wireless if available) to see
which MAC addresses are allowed. When an allowed MAC goes quiet, clone
it and you're in. Easy, peasy.

In security circles, I thought it was widely known and accepted that
MAC address filtering only provides a false sense of security. It
tends to be more inconvenient for the legitimate user than to the
rogue visitor since it's so easily bypassed.
Click to expand...

You intend to packet sniff an encrypted network? Well, have fun doing it.
 
D

Dustin Cook

Bingo.
Click to expand...

True Enough... It's obviously not a perfect method of security and
shouldn't be used by itself. But, for layered defenses, it'll keep the
script kiddies at bay.
 
C

Char Jackson

True Enough... It's obviously not a perfect method of security and
shouldn't be used by itself. But, for layered defenses, it'll keep the
script kiddies at bay.
Click to expand...

It's so trivial to bypass that I wouldn't say it will keep anyone at
bay, but it should slow someone down by a few minutes, and sometimes a
few minutes can be the difference between an attack and moving on to
someone else.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Gates Plans Leave Admid Great Change 2

Top