On Tue, 12 Feb 2002, Kent Hundley wrote: :3) Don't give users root or Administrator access to their machines. This :should keep them from changing IP addresses. (course, they can always break :into the machine)
if they have physical access, breaking in tends to just mean reboot. :3) Hard-code IP addresses to MAC addresses in your router and/or firewalls :arp table. This is obviously a pain in the butt. more than a pain, it's just not maintainable. i've lost many hours in maintenance windows on firewall systems due to static arps in various places. from an added security cost benefit standpoint, it's almost always a loser. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
