[c-nsp] Restricting VPN connections to company hardware?

mark [at] edgewire mark at edgewire.sg
Fri Nov 6 02:19:18 EST 2009


There's no way of stopping a determined user that wants to bypass  
whatever filters or red tape you have in place really but if you're  
able to restrict most of the users, would you say no to it? There's  
not a single solution to deploy where people can't find a way to use  
another device, at least not that I know of. Maybe you could shed some  
light on it instead of just pointing out that the MAC address can be  
spoofed and would you expect your average run of the mill user know  
how to spoof MAC addresses?




On 06-Nov-2009, at 3:12 PM, Peter Rathlev wrote:

> On Fri, 2009-11-06 at 11:10 +0800, mark [at] edgewire wrote:
>> Why is it not possible to check it against the MAC address of the
>> connecting device? Log incoming connections and their MAC address and
>> match it against a list of hardware that has been assigned to the  
>> users.
>
> Please state how you expect this not to be spoofed. :-)
>
> -- 
> Peter
>
>



More information about the cisco-nsp mailing list