Re: Its War!

stanley wrote:


C.Joseph S. Drayton;950202 Wrote:
Each office has an IP for each of the Ethernet ports. So yes,
they know which port is doing what. Then tying a MAC address to
port is childs play. Once they have that MAC address, even if you
move to another ethernet jack in the building, they would know
that it is your computer. The key is that unless you fake your MAC
address, it can be tied to your computer. And once they have your
MAC address they will always no where you are plugging in, in the
building.
At one point or another, assuming your IT department takes network
security seriously, they have tied your MAC address to you. If they
simply left those jacks in the office available to anybody with a
laptop, their security would be fairly lax. Even if you can only
log into the router for Internet, the mere fact that you can get
to their router would put them at risk since you could
theoretically hijack their router.

Good network security means that IT always knows what computer is
connected to the network.

Thanks for all that information, which I'm sure is all very basic for
you!

I did not know that each Ethernet port has a unique address-- it
seemed like just another jack in the wall like a phone jack. I guess
not! So all my internet usage can be tracked to my office and hence
to me. I'm an independent contractor and bill based on services not
by salary, so they have no reason to track my time usage, but still,
thats interesting that they could track every visit to the sports
pages to me directly if they wanted to!

Hi Stanley,

The reason each port in the office has its own IP is that if the router
needs to know where to send the packets that it is receiving. If it
didn't know, then it would have to send every packet to every machine
and ask the machine on that port 'Does this packet belong to you?'.

Different companies handle security differently. So how sophisticated
their access and monitoring is normally depends on how important they
think their data is.

Since security is 'non-income producing', a lot of companies tend to
spend the least they can get away with. The logic has always gone over
my head . . . if good security can save you money by preventing fraud
or embezzlement, then that can in fact be considered income producing.
If you want to see something depressing, read the annual report for any
of the large banks . . . the amount that they show as 'loss due to
possible computer fraud' is appalling.

--

Sincerely,
C.Joseph Drayton, Ph.D. AS&T

CSD Computer Services
Web site: http://csdcs.tlerma.com/
E-mail: csdcs@xxxxxxxxxx
.

Relevant Pages

  • Re: ssh gives "Permission denied, please try again"
    ... It would be possible to arrange that but it's a bit tricky and there are security implications for your network. ... tried to ssh to that but it said port 22 was blocked. ... due to my router; I therefore tried to open ssh access in the router and ...
    (uk.comp.os.linux)
  • Re: Down with DHCP!!!!
    ... static IPs. ... your assumption about security is flawed. ... handle mac-based port security. ... or you can set up a RADIUS server with a database of authorized MAC ...
    (Security-Basics)
  • RE: How to find a changing IP on ethernet network
    ... called "port security". ... tell it how many MAC ... to issue an SMTP trap to your Network Management ...
    (Security-Basics)
  • Re: Limit a childs time on computer
    ... If you have a router, see if it has options to allow/disallow connections (usually by MAC address) at certain time; however, Windows XP lets users change their MAC address, so you might want to see if access time can be restricted by the port to which the kid's computer is connected but then you need to lockup the cable modem and router so the kid doesn't switch to another port. ...
    (microsoft.public.windowsxp.general)
  • Re: Its War!
    ... they know which port is doing what. ... Then tying a MAC address to ... if you can only log into the router for Internet, ... seemed like just another jack in the wall like a phone jack. ...
    (microsoft.public.windowsxp.general)