Public Ethernet Connections
Mark Ellis
mark.ellis at rpl.richmond.bc.ca
Fri May 29 12:43:49 EDT 1998
Chuck Bearden said:
<snip> ---------------------------------------
Ethernet is in a sense a broadcast medium, meaning that packets from
one machine to another are available to all machines on either the
sending or receiving segments. All one has to do is plug in a laptop
with a packet sniffer on it, and you can have the usernames and
passwords anyone sends out on the same segment. I would strongly
suggest making each wire that could be used with a non-library
workstation plug directly into its own port on a switch, rather than
on a hub, in order to prevent the library from becoming a place to
harvest passwords.
</snip> -----------------------------------------
It is not necessary to go to the expense of buying a switch. Some hubs can
be configured to scramble frames destined for addresses other than that
of the intended recipient. On 3Com hubs it's called "Need to Know". I
first heard of this about five years ago when it was being used in UBC
student residences.
Hubs and switches can also be configured to permit only registered MAC
addresses to connect. This is useful if you're concerned about patrons
unplugging your computers and plugging in their own. You could also
register patrons' MAC addresses before allowing them to use laptops on
your network, thereby building in some accountability. (That sounds like
a lot of work though.)
------------------------------------------------------------------------
Mark Ellis
Network Support Analyst Phone: (604) 231-6410
Richmond Public Library
Richmond, British Columbia
Email:mark.ellis at rpl.richmond.bc.ca
------------------------------------------------------------------------