VPN authentication and MAC addressesWhy is MAC-based authentication insecure?Windows Authentication Issues...
What to do with threats of blacklisting?
Subsurf on a crown. How can I smooth some edges and keep others sharp?
Why is 'diphthong' pronounced the way it is?
How to not let the Identify spell spoil everything?
Why didn't Tom Riddle take the presence of Fawkes and the Sorting Hat as more of a threat?
Categorical Unification of Jordan Holder Theorems
Why didn't the 2019 Oscars have a host?
Should I cite R or RStudio?
Is a creature that sees a Medusa's eyes automatically subjected to a saving throw?
Does an Eldritch Knight's Weapon Bond protect him from losing his weapon to a Telekinesis spell?
What's the oldest plausible frozen specimen for a Jurassic Park style story-line?
How to politely refuse in-office gym instructor for steroids and protein
Why does 0.-5 evaluate to -5?
Is `Object` a function in javascript?
What is the industry term for house wiring diagrams?
What is a good reason for every spaceship to carry a weapon on board?
Will rerolling initiative each round stop meta-gaming about initiative?
How do you funnel food off a cutting board?
Coworker asking me to not bring cakes due to self control issue. What should I do?
Why is one not obligated to give up his life rather than violate Lashon Hara?
Book where a space ship journeys to the center of the galaxy to find all the stars had gone supernova
How to write cases in LaTeX?
"Starve to death" Vs. "Starve to the point of death"
If angels and devils are the same species, why would their mortal offspring appear physically different?
VPN authentication and MAC addresses
Why is MAC-based authentication insecure?Windows Authentication Issues Over InternetCisco AnyConnect VPN client - prevent connecting as work networkMinecraft proxy/vpn setupLinksys RV042 and QuickVPN failsSetting up a SSTP VPN on Windows Server 2012 behind a routerDDWRT - OpenVPN connects, but can't communicateResolve names on OpenVPN server side?SSH port tunnelling to access device on VPN server's network (not connected to VPN)vpn client can not connect to hosts over the vpn server
I have to set up a VPN (various clients connecting to a web service on a server, which is also the VPN server) and I want to make sure that no user will share his/her credentials with third parties.
I know that this problem is not solvable completely, but I'd want to set up some additional security checks... Some idea I have:
1) An additional check on MAC address, but... are MAC addresses preserved thru VPN?
2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized).
3) I would like to avoid commercial solutions like a security token... I realize it would be the perfect solution, but it will be to expensive, I suppose...
Do you feel that these options are viable? Do you have any other ideas? Thanks in advance for your replies!
security vpn authentication mac-address
asked Dec 3 '10 at 22:35
zakkzakk
1011
bumped to the homepage by Community♦ 6 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I have to set up a VPN (various clients connecting to a web service on a server, which is also the VPN server) and I want to make sure that no user will share his/her credentials with third parties.
I know that this problem is not solvable completely, but I'd want to set up some additional security checks... Some idea I have:
1) An additional check on MAC address, but... are MAC addresses preserved thru VPN?
2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized).
3) I would like to avoid commercial solutions like a security token... I realize it would be the perfect solution, but it will be to expensive, I suppose...
Do you feel that these options are viable? Do you have any other ideas? Thanks in advance for your replies!
security vpn authentication mac-address
asked Dec 3 '10 at 22:35
zakkzakk
1011
bumped to the homepage by Community♦ 6 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I have to set up a VPN (various clients connecting to a web service on a server, which is also the VPN server) and I want to make sure that no user will share his/her credentials with third parties.
I know that this problem is not solvable completely, but I'd want to set up some additional security checks... Some idea I have:
1) An additional check on MAC address, but... are MAC addresses preserved thru VPN?
2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized).
3) I would like to avoid commercial solutions like a security token... I realize it would be the perfect solution, but it will be to expensive, I suppose...
Do you feel that these options are viable? Do you have any other ideas? Thanks in advance for your replies!
security vpn authentication mac-address
asked Dec 3 '10 at 22:35
zakkzakk
1011
I have to set up a VPN (various clients connecting to a web service on a server, which is also the VPN server) and I want to make sure that no user will share his/her credentials with third parties.
I know that this problem is not solvable completely, but I'd want to set up some additional security checks... Some idea I have:
1) An additional check on MAC address, but... are MAC addresses preserved thru VPN?
2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized).
3) I would like to avoid commercial solutions like a security token... I realize it would be the perfect solution, but it will be to expensive, I suppose...
Do you feel that these options are viable? Do you have any other ideas? Thanks in advance for your replies!
security vpn authentication mac-address
security vpn authentication mac-address
asked Dec 3 '10 at 22:35
zakkzakk
1011
asked Dec 3 '10 at 22:35
zakkzakk
1011
asked Dec 3 '10 at 22:35
zakkzakk
1011
asked Dec 3 '10 at 22:35
zakkzakk
1011
asked Dec 3 '10 at 22:35
zakkzakk
1011
1011
bumped to the homepage by Community♦ 6 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 6 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
1) An additional check on MAC address, but... are MAC addresses preserved thru VPN?
MAC addresses can be changed. Even if you write a custom program that pokes the hardware directly, one can run it inside a virtual machine, and route VPN traffic through it.
Besides, the VPN connection usually gets its own virtual network interface, with its own hardware address.
2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized).
All those things are manipulated easily.
answered Dec 4 '10 at 19:28
grawitygrawity
239k37506561
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f218144%2fvpn-authentication-and-mac-addresses%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
1) An additional check on MAC address, but... are MAC addresses preserved thru VPN?
MAC addresses can be changed. Even if you write a custom program that pokes the hardware directly, one can run it inside a virtual machine, and route VPN traffic through it.
Besides, the VPN connection usually gets its own virtual network interface, with its own hardware address.
2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized).
All those things are manipulated easily.
answered Dec 4 '10 at 19:28
grawitygrawity
239k37506561
add a comment |
1) An additional check on MAC address, but... are MAC addresses preserved thru VPN?
MAC addresses can be changed. Even if you write a custom program that pokes the hardware directly, one can run it inside a virtual machine, and route VPN traffic through it.
Besides, the VPN connection usually gets its own virtual network interface, with its own hardware address.
2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized).
All those things are manipulated easily.
answered Dec 4 '10 at 19:28
grawitygrawity
239k37506561
add a comment |
1) An additional check on MAC address, but... are MAC addresses preserved thru VPN?
MAC addresses can be changed. Even if you write a custom program that pokes the hardware directly, one can run it inside a virtual machine, and route VPN traffic through it.
Besides, the VPN connection usually gets its own virtual network interface, with its own hardware address.
2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized).
All those things are manipulated easily.
answered Dec 4 '10 at 19:28
grawitygrawity
239k37506561
1) An additional check on MAC address, but... are MAC addresses preserved thru VPN?
MAC addresses can be changed. Even if you write a custom program that pokes the hardware directly, one can run it inside a virtual machine, and route VPN traffic through it.
Besides, the VPN connection usually gets its own virtual network interface, with its own hardware address.
2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized).
All those things are manipulated easily.
answered Dec 4 '10 at 19:28
grawitygrawity
239k37506561
answered Dec 4 '10 at 19:28
grawitygrawity
239k37506561
answered Dec 4 '10 at 19:28
grawitygrawity
239k37506561
answered Dec 4 '10 at 19:28
grawitygrawity
239k37506561
239k37506561
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f218144%2fvpn-authentication-and-mac-addresses%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
