 |
 |
Access restricted to specified hardware addresses?
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Manchester, UK
Status:
Offline
|
|
My work situation is like many others - I have a desktop Mac and a Powerbook which I travel with.
For ultimate security, is it possible to restrict access to my desktop machine to the hardware address of my laptop. I know I can do this by IP address, but this is impractical when travelling; you don't know the IP address you will be assigned when you are on the road. However, you do know your hardware address (a.k.a. 'MAC' address, I believe) and it would be very nice if you could set this up.
Cheers, Phil
|
|
|
| |
|
|
|
|
|
|
|
Admin Emeritus  Join Date: Oct 1999
Location: Zurich, Switzerland
Status:
Offline
|
|
You could only verify the MAC address locally, I believe.
I suggest you find a different way to secure access, such as a VPN or using a secure connection, and naturally with a strong password.
tooki
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Manchester, UK
Status:
Offline
|
|
Originally posted by tooki:
I suggest you find a different way to secure access, such as a VPN or using a secure connection, and naturally with a strong password.
How easy is it to set up a VPN for the scenario I described - a laptop connecting to a desktop machine via AFP? I have no experience with VPNs, and only scant knowledge about them.
Thanks, Phil
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Nov 2001
Location: Oregon
Status:
Offline
|
|
You didn't mention how you were accessing your desktop machine, but if you're using ssh then you could disable password/username access, and enable public key pair authentication. That's about as secure as you can get (assuming you protect your private key). For extra security, you can password protect your private key.
Of course i'm assuming you're not using inherently insecure FTP.
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Manchester, UK
Status:
Offline
|
|
Originally posted by Rainy Day:
You didn't mention how you were accessing your desktop machine, but if you're using ssh then you could disable password/username access, and enable public key pair authentication. That's about as secure as you can get (assuming you protect your private key). For extra security, you can password protect your private key.
I'm using plain old AFP. ssh is like a secure telnet I think, Is that correct?
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2002
Status:
Offline
|
|
|
|
|
[vash:~] banana% killall killall
Terminated
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Nov 2001
Location: Oregon
Status:
Offline
|
|
ssh is like a secure telnet I think, Is that correct?
In its simplist form, yes. But it can also be used as a secure tunnel for other services, so it's much more versatile than plain old telnet.
What do you want to do? Just move files? If so, there are two pieces of software for moving files, both of which can use an SSH tunnel: rsync (part of the standard BSD MacOS X install) is a smart UNIX command line tool for synchronizing whole directories, and Fugu is a GUI file transfer utility which is more useful for moving a few files at a time on an ad hoc basis. Using an ssh tunnel is optional in rsync, but required in Fugu. For mere mortals, rsync is best used from a GUI front end, or from an AppleScript.
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Manchester, UK
Status:
Offline
|
|
Originally posted by Rainy Day:
IWhat do you want to do? Just move files? If so, there are two pieces of software for moving files, both of which can use an SSH tunnel: rsync (part of the standard BSD MacOS X install) is a smart UNIX command line tool for synchronizing whole directories, and Fugu is a GUI file transfer utility which is more useful for moving a few files at a time on an ad hoc basis. Using an ssh tunnel is optional in rsync, but required in Fugu. For mere mortals, rsync is best used from a GUI front end, or from an AppleScript.
Yes, I pretty much want to move files around. I shall give sync and fugu a close look. Thanks for your help. Phil
|
|
|
| |
|
|
|
|
|
|
|
Registered User
Join Date: Jan 2003
Location: California
Status:
Offline
|
|
Originally posted by philm:
My work situation is like many others - I have a desktop Mac and a Powerbook which I travel with.
For ultimate security, is it possible to restrict access to my desktop machine to the hardware address of my laptop. I know I can do this by IP address, but this is impractical when travelling; you don't know the IP address you will be assigned when you are on the road. However, you do know your hardware address (a.k.a. 'MAC' address, I believe) and it would be very nice if you could set this up.
Cheers, Phil
A MAC address is really easy to spoof. Many cards let you "set" it simply by using a utility like "ifconfig". Moreover, unless both your machines are on the same physical medium (Ethernet, 802.11x ...), it doesn't make sense to use a MAC address for authentication - at best it's like using a password.
-A
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
