Re: Blocking by MAC Address -
- From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
- Date: Mon, 28 Nov 2005 18:13:13 +0100
As an attacker I can still bypass 802.1x on the switch.
--
Mike
Microsoft MVP - Windows Security
"Antonio Cardoso" <AntonioCardoso@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:8A2BC001-F1B7-4E67-8726-1ABAA3457E72@xxxxxxxxxxxxxxxx
> You can do this by validating the switches ... if you have Cisco you can send
> a trap each time a MAC is added to a port and then validate that the MAC is
> authorized ....
>
> regards
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi,
>>
>> You don't have to use encryption. You can set up ESP-Null. In this case
>> packets only get authenticated. This will still add a bit to the processor
>> load since it has to check every packet, but this will in general be a few
>> percent (3-5). Most servers' CPU is more or less below 10%, so adding
>> 3-5% should not be a problem.
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "FabrizioV" <FabrizioV@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:7037C317-BE2F-4ECC-9CB1-3C42882E71BB@xxxxxxxxxxxxxxxx
>> > Good morning Mike.
>> > The article is really interesting and IPSEC is an option to consider.
>> > An issue (IMHO) is the overhead you'll have on the clients and (most
>> > important) on the servers, when you encrypt all the traffic on your network.
>> > As you can see in this article:
>> > http://www.microsoft.com/technet/community/chats/trans/network/net0610.mspx
>> >
>> > "CPU on servers can be a problem but it can be mitigated by using IPSEC
>> > offload card from vendors like 3COM and Intel."
>> >
>> > So, if you already have or you are going to buy SSL/IPSEC dedicated cards
>> > for your data center, IPSEC is a good choice.
>> > Else, if you have Windows 2003 and 802.1x enabled network switches, dot1x
>> > should be your choice.
>> >
>> > Fabrizio Volpe
>> >
>> >
>> > "Miha Pihler [MVP]" wrote:
>> >
>> >> Hi,
>> >>
>> >> Mitigating the Threats of Rogue Machines-802.1X or IPsec?
>> >> http://www.microsoft.com/technet/community/columns/secmgmt/sm0805.mspx
>> >>
>> >> --
>> >> Mike
>> >> Microsoft MVP - Windows Security
>>
>>
>>