11
MAC filtering, but if the MAC address is visible from the outside AP it's pretty much useless. Radius would help.
Yeah since the unit is easily accessible I imagine they could just read the MAC address off the sticker and spoof it.
https://en.m.wikipedia.org/wiki/IEEE_802.1X
The standard directly addresses an attack technique called Hardware Addition where an attacker posing as a guest, customer or staff smuggles a hacking device into the building that they then plug into the network giving them full access.
Yup, I had to implement this for a customer once, and while it was a paid, it does require authentication before getting access to the network.
You could probably do an automation with home assistant to disable the report if the device gets unplugged, notify you about it, then require to you approve / re-enable the port.
This of course would require the service to be running, but combined with MAC filtering and placing it on an untrusted VLAN that's probably the best you could do.
A padlock.
But can't that be defeated with a $5.00 wrench? [https://xkcd.com/538/]
If people are breaking into your stuff, don't put it outside at all.
Low tech and cheap, best option unless you can Mac bind on your switch natively.
Lock the Mac with port security
this post was submitted on 24 Jul 2024
11 points (100.0% liked)
networking
2783 readers
2 users here now
Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.
founded 1 year ago
MODERATORS