I'm using Netup UTM on FreeBSD. I protected my clients by IP & MAC, but someone in my local network can change their MAC and use the Internet of other people.
For example:
Client A (IP: 192.168.0.101 00:12:bc:4d:14:af) Internet is On
Thief changes his MAC & IP to (192.168.0.101 00:12:bc:4d:14:af), then he can use Client A's Internet.
Can you suggest security for this problem, or a way to detect the real MAC of the thief?
* Change MAC from Windows
Thanks very much.
Quangnd.
Low security in UTM
UTM Manual may be outdated... Try to find HOWTOs or manuals by keywords: mpd, pppoe, etc. I can't help you with exact links, because all my manuals are in Russian...
Or you can buy broadband aggregate hardware, for example Cisco. Specific model will depend on your needs (amount of users, desired speed etc). Less time to tune it, more features, great stability...
As for managed switches, there are several methods to meet your needs.
1. VLAN per user (but we are limited to 4096 VLANs)
2. Port Security (port will be disabled if user changes his MAC)
3. DHCP Option 82 (IP lease based on specific switch and specific port on that switch)
Anyway, all methods need some additional work, to be reasonably secure and effective.
NetUP UTM 4.0 [1 +update 17 may 2004], NetUP RADIUS SERVER [], RH Linux 9.0
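An added example, not part of the original posts: the switch-based methods listed above all tie a client to a physical port, which a cloned IP and MAC cannot copy. This Python sketch audits MAC-table rows against a port binding table; the switch names, port numbers, second client and observations are constructed, and the rows are assumed to come from access ports only (uplinks excluded).

```python
from collections import defaultdict

# Constructed binding table: MAC -> (switch, port, IP) each client is provisioned on.
BINDINGS = {
    "00:12:bc:4d:14:af": ("sw1", 5, "192.168.0.101"),  # Client A (addresses from the post)
    "00:12:bc:4d:20:01": ("sw1", 7, "192.168.0.102"),  # constructed second client
}

# Constructed observations: (switch, port, mac) rows read from access-port MAC tables.
OBSERVED = [
    ("sw1", 5, "00:12:BC:4D:14:AF"),
    ("sw2", 3, "00-12-bc-4d-14-af"),  # same MAC on a second access port: a clone
    ("sw1", 7, "00:12:bc:4d:20:01"),
    ("sw1", 9, "00:12:bc:4d:99:99"),  # MAC with no binding at all
]

def norm_mac(mac):
    """Normalise AA:BB.., aa-bb.. or aabb.ccdd.eeff to lower-case colon form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(bindings, observed):
    """Return sorted alerts (kind, mac, switch, port) for rows that break a binding."""
    seen = defaultdict(set)
    for switch, port, mac in observed:
        seen[norm_mac(mac)].add((switch, port))
    alerts = []
    for mac, places in seen.items():
        bound = bindings.get(mac)
        for switch, port in places:
            if bound is None:
                alerts.append(("unknown-mac", mac, switch, port))
            elif (switch, port) != bound[:2]:
                # The MAC is valid for billing, but it is on a port it was never bound to.
                alerts.append(("mac-on-wrong-port", mac, switch, port))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in audit(BINDINGS, OBSERVED):
        print(*alert)
```

The alert names the physical port where the cloned address appeared, which is the information an IP and MAC check on the billing server alone cannot give.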