[Tfug] "Opening" a physical ethernet connection

John M hankscorpioarizona at gmail.com
Wed May 1 17:06:57 MST 2013


Ok, so why don't you just configure port security (802.1x, static IPs,
etc.) if securing your LAN is the issue?  I'm just trying to understand why
you aren't exploring technology that's already available, rather than
impractical workarounds.


On Wed, May 1, 2013 at 4:33 PM, Bexley Hall <bexley401 at yahoo.com> wrote:

> Hi Bender,
>
>
> On 5/1/2013 4:17 PM, Bender wrote:
>
>> Don,
>>
>> Why don't you really tell us what you are trying to do?
>>
>
> Ideally, I want to be able to "unplug" a "physical ethernet
> connection" (i.e., a *cable*).  This prevents the service(s)
> available on that connection from being accessed *and*
> protects the fabric from "assault" (e.g., someone taking a
> line cord and connecting it to the pins of the connector
> thereby frying a port in an *expensive* switch).
>
> I.e., just like unplugging the cable or installing a "relay"
> in series.
>
> Absent the ability to *protect* the network fabric, I'd at
> least like to be able to protect the *traffic* (which can be
> done by shutting down the port on a managed switch; removing
> power from a switch in series with that network segment; or
> by "jabbering" on those particular pairs to make regular
> traffic unavailable).
>
> As the example I cited:  I want to be able to take an IP
> phone, TV, laptop, etc. to a network drop that is in
> an "unsecured area" (e.g., outside) and use it, there.
> Then, when no longer needed, to be able to shut down that
> "point of access" so no others can use it.  Much like you
> would shut down your wireless AP when not in use to prevent
> others from silently hammering away at it...
>
> [Imagine a business having network drops on the factory
> floor.  Do you want Joe Worker to be able to surreptitiously
> plug in a laptop and surf the web, access the company's
> manufacturing/financial systems, etc.?]
>
> But, I don't want to have to require an "IT department" to
> be able to do these things.  Nor, keep some sort of "management
> console" on-line so it is CONVENIENT to do these things -- hence
> my "would you want to boot a PC to turn off a light?".  I.e., if
> it is time consuming/tedious to access the "control" for this,
> then you will tend to leave it INsecured and *hope* for the best.
>
> [How many folks pick lame passwords because *good* ones are
> hard to remember?  Or, disable the password on their screen
> saver because it is so annoying to have to keep typing it
> in after every 15 minutes of inactivity??  Or, leave an AP
> set up with a default factory password -- or, no security
> at all??  I.e., security has to be *convenient* if you want
> people to use it]
>