Hello Munro,
Thank you for your reply. Can you tell me how you configure the
certificate to integrate with AD in the pf, or is there any technical documentation where
I can find it? Thank you.
------------------ Original Message ------------------
From: "packetfence-users" <[email protected]>
Sent: July 6, 2017 (Thursday), 9:49
To: "packetfence-users" <[email protected]>
Cc: "Louis Munro" <[email protected]>
Subject: Re: [PacketFence-users] How do you prevent a stolen MAC from accessing the network
On Jul 6, 2017, at 05:18, ???????? via PacketFence-users
<[email protected]> wrote:
Hello,
I'm testing PacketFence version 7.1.0, and my issue is how to
prevent a stolen MAC from accessing the network.
For example:
environment: user auth with Microsoft Active Directory
switches: cisco2960g and sg300
domain computer name: [email protected]
registered mac: 40:16:7e:76:c9:10
I take another laptop and change its MAC address to 40:16:7e:76:c9:10, and this
laptop can access the network.
I want to know how you can avoid this. Can PacketFence
authenticate domain computers so that only domain computers can be validated?
Thank you!
Any form of network access control that relies on the MAC as an identifier is
vulnerable to spoofing.
The only way to prevent it is to enforce a method that requires authentication
based on something known (e.g. a password) or something owned (e.g. a
certificate).
Practically speaking this means 802.1x with a password (which can be changed if
the device is stolen) or with a certificate (i.e. EAP-TLS) which you can revoke.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)