undefined | Better HN

0 pointsjon-wood7y ago0 comments

I’m sure there are some secure networks that require 802.1x authentication against a specific certificate authority, which would ensure devices only connect to a trusted network. That’s definitely an exception rather than the rule though - I’ve never worked anywhere that does anything more than limiting which device can connect to a particular switch port.

0 comments

deathanatos7y ago

I've also seen wired network authentication, but that's typically the network authenticating the devices that connect to it. This is more like the need for the device to authenticate the network that it's attached to, or really, to authenticate the USB devices attached to it. This is somewhat problematic: I feel like most employees/people want to go to a coffee shop and do work, or work at home, etc. How does one distinguish between those networks and the rouge ones?

(I think ideally, you don't distinguish. Every network is equally untrusted, and you rely on good end-to-end encryption. That doesn't address the rouge HID attack, however.)

I've also seen unauthenticated corporate networks where STP packets reach the end user ports, and AIUI, the right response packet would direct the network to start sending all traffic my way…

j / k navigate · click thread line to collapse

0 comments

deathanatos7y ago

(I think ideally, you don't distinguish. Every network is equally untrusted, and you rely on good end-to-end encryption. That doesn't address the rouge HID attack, however.)

I've also seen unauthenticated corporate networks where STP packets reach the end user ports, and AIUI, the right response packet would direct the network to start sending all traffic my way…

j / k navigate · click thread line to collapse