On 1/13/11 9:11 PM, Jeremy Wood wrote:
> I'm curious how those of you worried about MAC address spoofing address
> the spoofing of user agents to get a device to appear as another. From
> my understanding, you need to disable the Java/Active X applet
> requirement for a login page in order for the devices that can't load
> them to use the web login. In doing so you become completely dependent
> on the user agent to determine the OS of the machine and IMO that's much
> easier than a MAC to spoof.

You use MAC address identification for these devices in a role strictly
limited - there's no reason an XBox needs to see Blackboard, email,
printers, other useful campus resources. To provide iPhones such access
you could in turn require VPN to get into the general network.

If someone wants to spoof such a device, their options should be limited
and their ability to do damage slight.

-- 
Best regards
-- Cal Frye, Network Administrator, Oberlin College
   Mudd Library, x.56930 -- CIT will NEVER ask you for your password!

   www.calfrye.com,  www.oberlin.edu/cit/

"That in our days such pygmies cast such giant shadows only shows how
late in the day it is become" -- Erwin Chargaff.