[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 30/03/14 20:35, Daniel Robinson wrote: > What if they're setup individually then they swap codes, the idea is > that I have complete control and that each person on the LAN is safe > from one and other. If you're on a shared medium like wifi and have malicious users willing to share all possible secrets (SSID, passwords, MAC, certificate files, etc) and who are sufficiently well informed (subnets, MAC spoofing, etc aren't a big deal to get around), there's really nothing much you can do technically to separate them and you shouldn't try. Look at it another way - if you consider yourself has having two groups of users (trusted and untrusted), it doesn't really matter as long as the trusted users don't share secrets with the untrusted ones. If they do, demote them to the untrusted group. The same principle works with any number of trust levels/groups - if you detect any breach of trust, demote everyone involved to the lowest common denominator. This way you retain control*, plus give them all an incentive not to share secrets. You then don't have to bother with putting minor hurdles like MAC filtering in there - they keep their WPA passwords secret or else. Otherwise I'd agree with big bad apple that you're down to social controls and banning! Cheers, Mike. * that is, unless they stage a revolution against network filtering and commandeer the router physically ;) -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq