[H-GEN] Quick question
Bruce Campbell
bc at humbug.org.au
Tue Oct 12 04:28:04 EDT 2004
On Fri, 8 Oct 2004, Robert Brockway wrote:
> On Fri, 8 Oct 2004, Tim Kent wrote:
>
> > You may want to take into account physical security too, such as
> > removing the floppy/CD drives from the boot order. I'm sure you've
> > thought of this though!
>
> Harry, also watch out for someone replacing the box entirely. You noted
> it would get an IP via dhcp and would then have its web access restricted.
>
> '3leet w4r3z user walks up with laptop while no one is looking, plugs it
> in to the port formerly occupied by your public access box, gets a
> _different_ address via dhcp and go onto to hit whatever sites they want -
> or worse. This is not as theoretical as it might first sound.
Naturally, the local admin has already thought of this and has turned on
the port security option on the switch port that the public access box
is/was plugged into, so that only that MAC address can get connectivity
via the switch.
( A determined hacker would obtain the MAC address of the public access
box, and reprogram their laptop to use that one, but this starts to get
silly, especially when a number of places make nice lockable boxes to
put the machine and crucial cable connections into. )
> Having any public access terminals on their own physical lan is essential.
Yes indeedy.
--==--
Bruce.
More information about the General
mailing list