> Switches should not be relied on as a security mechanism > unless the switch specifically has (and has been configured > to use) port security by the use of static assignment of MAC > addresses to ports. And rarely even then, as you can simply connect your computer with a cross-linked cable to a legal workstation, sniff the MAC address, and configure that to be your addy. If you get physical access to the network, you most likely can do this, too. We can never get perfect security, but we can raise the bar. At least now we've made the passive eavesdropper active, so s/he can be detected, at least a lot easier than a regular eavesdropper. I'd recommend a good PKI. > Kelly Warm regards, -- Toni Heinonen, Teleware Oy Wireless +358 (40) 836 1815 Telephone +358 (9) 3434 9123 toni.heinonenat_private www.teleware.fi ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 15:42:33 PDT