[clug] Pop quiz.. (DHCP and servers).

Alex Satrapa grail at goldweb.com.au
Wed Jan 14 04:42:52 GMT 2009

On 14/01/2009, at 13:32 , Daniel Pittman wrote:

> (If you already have a central management solution like puppet things
> are different, of course. :)

Yes, because cfengine and Puppet allow you to configure *everything*,
not just the IP address. What packages are installed? What users are
allowed to log in to this machine? Do we allow logins at all?

If you're going central management, may as well go the whole hog.

> ...so, you use 802.1x authentication at the switch level to ensure that
> only authorized communication is taking place

And run afoul when you have to connect a device that can't work with  
802.1x ;)

> , as well as monitoring for
> anomalies such as multiple OS TCP stacks behind a single MAC in order to
> avoid dubious stuff happening, right?

And don't forget the security on sneakers approach: actually walk the
floors with airsnort to make sure no one's got WiFi turned on inside
the building.

Then keep maintaining that level of security while continuing to be  
aware of new developments.

Remember, it's not paranoia if they really *are* out to get you ;)


