[clug] Pop quiz.. (DHCP and servers).
Alex Satrapa
grail at goldweb.com.au
Wed Jan 14 04:42:52 GMT 2009
On 14/01/2009, at 13:32 , Daniel Pittman wrote:
> (If you already have a central management solution like puppet things
> are different, of course. :)
Yes, because cfengine and Puppet allow you to configure *everything*,
not just the IP address. What packages are installed? What users are
allowed to log in to this machine? Do we allow logins at all?
If you're going central management, may as well go the whole hog.
> ...so, you use 802.1x authentication at the switch level to ensure that
> only authorized communication is taking place
And run afoul when you have to connect a device that can't work with
802.1x ;)
> , as well as monitoring for anomalies such as multiple OS TCP stacks
> behind a single MAC in order to avoid dubious stuff happening, right?
And don't forget the security on sneakers approach: actually walk the
floors with airsnort to make sure no one's got WiFi turned on inside
the building.
Then keep maintaining that level of security while continuing to be
aware of new developments.
Remember, it's not paranoia if they really *are* out to get you ;)
Alex