[Tfug] "Opening" a physical ethernet connection

Bexley Hall bexley401 at yahoo.com
Wed May 1 20:51:40 MST 2013


Hi John,

On 5/1/2013 5:06 PM, John M wrote:
> Ok, so why don't you just configure port security (802.1x, static IPs,
> etc) if securing your LAN is the issue?  I'm just trying to understand why
> you aren't exploring technology that's already available, rather than
> impractical workarounds.

This is *inside* your firewalled network.  I.e., you want to be able
to plug a device into this port and have *legitimate* access to
the services available *on* that network.  But, the port is only
partially "physically secure" -- someone *could* realistically access
it (neighbor, house guest, employee, etc.).

The appliances on the network I have already implemented with
security in mind.  E.g., you can plug into the network and
never (?) trick any of the other devices in the system to
do something they shouldn't (e.g., open the garage door, change
the temperature setting for the furnace, turn the lights on/off,
etc. -- you can similarly imagine the sorts of activities that
would apply in a business/factory setting:  turning on pumps,
motors, etc.).

But, while you are inside the firewall, you can still engage in
DoS attacks or, potentially, stumble upon some latent bug in
my implementations...  Easier/safer if I can just deny you
"electrical access" to the network even though you have
physical access to a network drop that *sometimes* is actively
part of the network!



