Feature request: MAC filtering/blocking

johndball · 01-03-2012, 03:13 PM

If there isn't a way to do this now, could there be an option to allow for the filtering, or blocking, of MAC addresses?

f1assistance · 01-03-2012, 03:51 PM

Quote:

Originally Posted by johndball

If there isn't a way to do this now, could there be an option to allow for the filtering, or blocking, of MAC addresses?

Depending on your LAN configuration, you might assign a static IP Address to the MAC Address (DHCP Server) then block that IP Address external access...

johndball · 01-03-2012, 03:57 PM

I can/have/would do this but it is far too easy for somebody to change the IP address of the computer and get around any blocks.*

Here is the setup I have, and it works well, but I'd like to lock it down even further.

The fist layer we have is HP ProCurve switches with port filtering based on MAC addresses. If somebody plugs into a port and that MAC address is not in the allow list for that port the port shuts down.

Secondly, we have Windows Firewall running on the domain to block ALL traffic to and from ANY IP address that is not on the allow list. The IP addresses on the allow list are those workstations and network equipment that is authorized to be on the network.

I'd like to add an extra layer using the Untangle Firewall. If somebody accesses the network and bypasses our servers or doesn't require the services of our servers (DHCP and DNS) but sends traffic directly to the firewall I'd like for the firewall to drop/block the traffic.

*This isn't on domain-owned workstations (which are locked down) but on laptops or mobile hard-wired devices that somebody might bring into the facility. I'm only thinking about this now because we had a breach last night. A combination of safeguards weren't enabled due to the failure of multiple individuals and a breach occurred. Granted access, to my knowledge, wasn't obtained thanks to the switch security policies but it would be nice to have an additional layer on the firewall.

f1assistance · 01-03-2012, 04:06 PM

Captive Portal

dwasserman · 01-04-2012, 04:19 AM

In Config/Networking/Advanced/PacketFilter you have the Source Mac Address option

packetfiltermac.JPG

YeOldeStonecat · 01-04-2012, 10:24 AM

Quote:

Originally Posted by johndball

I can/have/would do this but it is far too easy for somebody to change the IP address of the computer and get around any blocks.*

To be honest....if someone is savvy enough to do the above, they are savvy enough to run a MAC spoofing software on their PC too.

Control them via DHCP reservation, IP address...and don't give them local admin rights to change their network settings.

sky-knight · 01-04-2012, 10:33 AM

That doesn't need special software. For windows it's a property of the NIC in device manager, and for Linux/Mac is an ifconfig line on the command line. MAC controls are not more secure than IP level controls. If you require this level of control of your network, please look into NAC enabled switches.

Also, Untangle has MAC address controls, they are in the packet filter.

johndball · 01-05-2012, 12:16 PM

Quote:

Originally Posted by dwasserman

In Config/Networking/Advanced/PacketFilter you have the Source Mac Address option

Attachment 4375

Just what I was needed. Thanks!

Mathiau · 01-05-2012, 03:53 PM

Quote:

Originally Posted by YeOldeStonecat

To be honest....if someone is savvy enough to do the above, they are savvy enough to run a MAC spoofing software on their PC too.

Control them via DHCP reservation, IP address...and don't give them local admin rights to change their network settings.

Bingo, you need to implement proper system level security.

johndball · 01-05-2012, 03:55 PM

It's already implemented. Read my second post on this thread.

This request was for an additional layer, not primary.

01-03-2012, 03:13 PM	#1 (permalink)
johndball Master Untangler Join Date: Apr 2008 Location: New Orleans, La Posts: 103	Feature request: MAC filtering/blocking If there isn't a way to do this now, could there be an option to allow for the filtering, or blocking, of MAC addresses?

01-03-2012, 03:57 PM	#3 (permalink)
johndball Master Untangler Join Date: Apr 2008 Location: New Orleans, La Posts: 103	I can/have/would do this but it is far too easy for somebody to change the IP address of the computer and get around any blocks.* Here is the setup I have, and it works well, but I'd like to lock it down even further. The fist layer we have is HP ProCurve switches with port filtering based on MAC addresses. If somebody plugs into a port and that MAC address is not in the allow list for that port the port shuts down. Secondly, we have Windows Firewall running on the domain to block ALL traffic to and from ANY IP address that is not on the allow list. The IP addresses on the allow list are those workstations and network equipment that is authorized to be on the network. I'd like to add an extra layer using the Untangle Firewall. If somebody accesses the network and bypasses our servers or doesn't require the services of our servers (DHCP and DNS) but sends traffic directly to the firewall I'd like for the firewall to drop/block the traffic. This isn't on domain-owned workstations (which are locked down) but on laptops or mobile hard-wired devices that somebody might bring into the facility. I'm only thinking about this now because we had a breach last night. A combination of safeguards weren't enabled due to the failure of multiple individuals and a breach occurred. Granted access, to my knowledge, wasn't obtained thanks to the switch security policies but it would be nice to have an additional layer on the firewall. Last edited by johndball; 01-03-2012 at 04:00 PM..*

01-03-2012, 04:06 PM	#4 (permalink)
f1assistance Master Untangler Join Date: Apr 2009 Location: Holly Springs, NC URLs submitted: 154 Posts: 218	Captive Portal __________________ Untangle...because nothing is worse than doing nothing! ------- 2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

01-04-2012, 04:19 AM	#5 (permalink)
dwasserman Join Date: Jun 2008 Location: Argentina URLs submitted: 57 Posts: 3,634	In Config/Networking/Advanced/PacketFilter you have the Source Mac Address option packetfiltermac.JPG __________________ The world is divided into 10 kinds of people, who know binary and those not

01-04-2012, 10:33 AM	#7 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,454	That doesn't need special software. For windows it's a property of the NIC in device manager, and for Linux/Mac is an ifconfig line on the command line. MAC controls are not more secure than IP level controls. If you require this level of control of your network, please look into NAC enabled switches. Also, Untangle has MAC address controls, they are in the packet filter. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

Protect

Filter

Perform

Connect

Manage

Add-Ons

01-05-2012, 03:55 PM	#10 (permalink)
johndball Master Untangler Join Date: Apr 2008 Location: New Orleans, La Posts: 103	It's already implemented. Read my second post on this thread. This request was for an additional layer, not primary.