MACSec? Ultimate Layer 2 security solution?

DD-WRT Forum Index -> Advanced Networking
OpenSource Ghost
DD-WRT User


Joined: 14 Feb 2022
Posts: 50

Posted: Wed Sep 28, 2022 14:15    Post subject: MACSec? Ultimate Layer 2 security solution?
Common knowledge is that Layer 2 cannot be truly secured because of MAC address spoofing, but MACSec (https://en.wikipedia.org/wiki/IEEE_802.1AE), supposedly, does secure networks on Layer 2. Does it actually do that? If so, why is it not widely implemented? Does DD-WRT support it?
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Wed Sep 28, 2022 14:28
It is a standard; it is used in MANs (Metropolitan Area Networks). No, I don't think DD-WRT supports it.

https://ieeexplore.ieee.org/document/8585421

Also, it's patented, much like elliptic curve ciphers are patented, which is why many such patented techs are not widely adopted or widespread.

Is it secure? Sure, more secure than not using anything, but... what man can do, man can undo just as fast, so it would take an extra proverbial 10 minutes instead of being instant ;)

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
OpenSource Ghost
DD-WRT User


Joined: 14 Feb 2022
Posts: 50

Posted: Wed Sep 28, 2022 16:53
10 minutes? That makes it worthless...
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Wed Sep 28, 2022 17:03
Depends on what is used. The proverbial 10 minutes depends on the skill and capabilities of the person trying to defeat it by other means or spoofing the lot into a controlled device attached to the network. Since these are networks anyone can access, think CCTV and such, they will have other layers of security, not so trivial to bypass, but everything is flawed somewhere.

Sure, worthless, as if secure anything exists in tech. Keep dreaming.

OpenSource Ghost
DD-WRT User


Joined: 14 Feb 2022
Posts: 50

Posted: Wed Sep 28, 2022 17:07
There must be some advanced technologies out there that recognize network devices based on electromagnetic or radiation-emitting or timing or other types of signatures. Being able to spoof such signatures (along with other identifiers) shouldn't be as easy as just changing one's network configuration. I guess that's how data from airgap machines can be collected.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Wed Sep 28, 2022 17:34
What you mentioned (air gap wise) is done in laboratories under a strictly controlled environment. To implement such things in the real world, while not impossible (for the sake of this conversation), is very unlikely: the cost of it alone and all the variables that in the real world would be affected by other interference. While everything can have an identifiable electromagnetic signature, what would happen if the control equipment is flawed somehow or able to be tricked/bypassed? What then?

Reminds me of the latest XKCD

https://media.discordapp.net/attachments/535825485201014806/1023979146059202610/two_key_system.png

Ultimately, add as many keys and systems as you like; good luck securing any tech in a way that is foolproof. It doesn't exist and will never exist; the main cause is people.
