Re: [squid-users] MAC bacsed ACL

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 19 Feb 2003 08:30:15 +0100

And if you use MAC he can change to any free MAC address..

The generally recommended identification method if IP is not
sufficient is to use authentication. This way your access logs and
access controls will show within reasonable doubt who the user really
is.

Regards
Henrik

On Wednesday 19 February 2003 06.54, hare ram wrote:
> Hi Henrik
>
> You were saying the MAC based ACL is no so Secure
> then what methode is secure,
> if i does the the IP based Access List
> User can change any free IP and Start Browsing, and other PC who
> have the same IP will have IP conflict or so.
>
> what is the recomendation for the securing the access for the user
> to use the same PC rather move or connect the LAN connection to
> another PC
>
> suggetion will appriciate
>
> hare
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@squid-cache.org>
> To: "hare ram" <hareram@sol.net.in>
> Cc: <squid-users@squid-cache.org>
> Sent: Tuesday, February 18, 2003 10:06 PM
> Subject: Re: [squid-users] MAC bacsed ACL
>
> > Why are you using MAC based ACLs? MAC based acls are technically
> > NOT more secure than IP based ACLs, only more complex to define
> > as each MAC address is 12 hex numbers..
> >
> > 200 MAC addresses is not very many for Squid to manage. To ease
> > management I would recommend putting them in a separate file and
> > include this from squid.conf if you have not already done so.
> >
> > Regards
> > Henrik
> >
> > tis 2003-02-18 klockan 16.45 skrev hare ram:
> > > Hi all
> > >
> > > iam trying to make MAC based ACL, i have 200PC MAC based ACL,
> > > looks very long,
> > > does any one have alternative method to use this 200 MAC
> > > address ACL in short
> > >
> > > thanks
> > > hare
> >
> > --
> > Henrik Nordstrom <hno@squid-cache.org>
> > MARA Systems AB, Sweden
Received on Wed Feb 19 2003 - 00:29:07 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:28 MST