Network blocking

From Security Wiki
Revision as of 23:16, 9 February 2007 by Dombrowh (talk | contribs)

Blocking Network Ports Jay Dombrowski 2-8-07


Brainstorming (no particular order)

What is MAC Locking?


MAC Locking ensures that only specific MAC addresses can access a port, and that traffic from any other MAC addresses will be discarded. You might take advantage of MAC Locking if, for example, you want to prevent more than one user from accessing a port at a given time.

What are the types of port locking?


There are two kinds of MAC Locking: Dynamic and Static. When you enable Dynamic MAC Locking on a port, the next MAC address that authenticates or accesses the port (up to the maximum number of dynamic locked MAC addresses allowed) will have exclusive access to that port from that time on. Static MAC Locking lets you create a list of locked MAC addresses for a port so that the port only accepts traffic from those MAC addresses. MAC Locking is only available on devices that support it, and is not allowed on backplane and logical ports.
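
The two modes described above, as a small Python model of the accept/discard decision on one port. This is an added example, not switch or vendor code: the class LockedPort, its field names, and the choice to let static and dynamic entries coexist on one port are assumptions, and the MAC addresses are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass
class LockedPort:
    """One port with MAC locking enabled (hypothetical model)."""
    dynamic_enabled: bool = False
    max_dynamic: int = 1                               # limit on dynamically locked MACs
    static_macs: set = field(default_factory=set)      # administrator-defined list
    dynamic_macs: list = field(default_factory=list)   # learned first-come addresses
    violations: list = field(default_factory=list)     # sources that were discarded

    @staticmethod
    def _norm(mac):
        # Treat 00:11:.., 00-11-.. and 0011.2233.4455 as the same address.
        digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
        if len(digits) != 12:
            raise ValueError(f"not a MAC address: {mac!r}")
        return digits

    def add_static(self, mac):
        self.static_macs.add(self._norm(mac))

    def accept(self, src_mac):
        """Return True if a frame from src_mac is forwarded, False if discarded."""
        mac = self._norm(src_mac)
        if mac in self.static_macs or mac in self.dynamic_macs:
            return True
        if self.dynamic_enabled and len(self.dynamic_macs) < self.max_dynamic:
            self.dynamic_macs.append(mac)   # locked to this port from now on
            return True
        self.violations.append(mac)         # any other source is a violation
        return False

def replay(port, frames):
    """Feed a sequence of source MACs to a port and return the decisions."""
    return [port.accept(m) for m in frames]

if __name__ == "__main__":
    dyn = LockedPort(dynamic_enabled=True, max_dynamic=1)
    # Constructed traffic: same host twice (two notations), then a second host.
    print(replay(dyn, ["00:11:22:33:44:55", "00-11-22-33-44-55", "66:77:88:99:AA:BB"]))
    print("violations:", dyn.violations)
```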

How is MAC Locking implemented?


To take effect on a port, MAC port locking must be enabled at the device level. You can do this only by logging on to the switch and executing commands on the command line. Perhaps in the future it can be automated.

What are the results of a violation?
- Users of the port?
- Notification?
- How is a violation cleared?
- Restore of service in a timely manner?


What are the possible configurations?


Will we have unique classes of port access?
- Office switch?
- One host per port?
- Servers?