F8 is getting *really* sysadmin-hostile
Benny Amorsen
benny+usenet at amorsen.dk
Fri Nov 16 17:20:11 UTC 2007
>>>>> "JS" == Jeff Spaleta <jspaleta at gmail.com> writes:
JS> the point... network hygiene and accountability.. to make it
JS> harder for an unknown malicious person to connect an unknown
JS> computer into a live network wall jack somewhere in your building
JS> and become a member of that network segment with equal access to
JS> network data that registered computers have.
On that note, many switches can be configured to keep the port closed
for non-DHCP traffic until a DHCP lease is acquired. That solves the
"just assign a static IP"-attack. For the "just steal someone's
MAC-address"-attack, you need 802.1x. Does NetworkManager handle
802.1x on wired interfaces?
/Benny
More information about the fedora-devel-list
mailing list