Am 17.10.2011 10:22, schrieb Tim: > Tim: >>> Well, in the case of MAC filtering, it's nothing to do with >>> "security." It's merely closing an unlocked door in someone's face. > > Alan Cox >> No.. security is not a boolean. MAC filtering is very useful for >> stopping inadvertent plugging in of the wrong system. It helps prevent >> accidents and unsafe systems bridging networks or ending up on the >> 'wrong side of the fence' where you have secure and insecure networks. >> >> It's not a tool to prevent deliberate attack by users, and its not >> 100% effective against a very careful attacker but tht doesn't make it >> nothing to do with security. > > I'd say the fact that it *cannot* be used to "secure" a system, means > that it does have nothing to do with security. There is no way, shape, > or form, that you can enforce security using MAC filtering
your understanding of security is simply broken security is always a bundle of preventions and not a single thing MAC filter is not thought as the only security layer it is an additional one in a multiple secured network it prevents 90% of all users out there to connect and if you get only one of them in your network with malicious software on it this one can not send spam over his zombies all the little pieces and optimizations in summary give you security, not any single configuration alone if you have 5 easy to break security barriers in front you make it real hard for most people without enough knowledge of all these barrieres to break them all - nobody said these are the only preventions - these are ADDITIONAL ONES
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
