[ previous ] [ next ] [ threads ]
 
 From:  GD Incorporation <rbasuki at gdincorporation dot com>
 To:  "'Lee Sharp'" <leesharp at hal dash pc dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Firewall Rules by MAC Address. IS it possible?
 Date:  Sat, 2 Oct 2010 09:56:16 +0700
I think Lee just sums up the best solution...

Human management... That is the key

Rendra 

-----Original Message-----
From: Lee Sharp [mailto:leesharp at hal dash pc dot org] 
Sent: Thursday, September 30, 2010 10:24 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Firewall Rules by MAC Address. IS it possible?

On 09/30/2010 05:13 AM, GD Incorporation wrote:
> All I am saying is
>
> How many people... I mean, just regular pc users would know how to 
> execute such command? Plus, no one in other than computer department 
> in any company would want to use linux? Mostly just windows or mac. 
> Changing MAC address on mac or windows is not that easy. But changing 
> IP in Windows is just too easy.
>
> Most of my users are windows users.
>
> So that is why, for me, having mac filter in firewall rule would help 
> so much.

I think you are trying to find a technical solution to a human problem.
There is no way to stop a determined and skilled person with control of
their own system.  If this is a company environment, you can use policy kit
to lock them out of network changes, and that eliminates some.  You can lock
them out of the web browser, and that eliminates most.  Of course, they can
still hack there own system and get past it.

The real solution is to say "Do not do this.  We are logging everyone, and
if we catch you, you are fired."  If you can not do that, you can not stop
them.

			Lee


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch