A Residential Gateway implementation

Most DSL or cable modem solutions employ a device called a “Residential Gateway” that converts a transmission signal to a Local Area Network signal. Since most routers can clone the MAC address of a Network Interface Controller, it might be natural to want to “lock down” the implementation more securely using MAC address filtering.

A superior setup might see the Gateway turning on MAC address filtering with exactly one Media Access Control address, chosen at random rather than taken from a device on the network.

Then, the router (downstream of the Gateway) is instructed to present or “clone” that particular MAC. As such, the Gateway now believes that the router is the only authorized device on the network.

Internally, the router is then given a whitelist so that it recognizes only the MACs of authorized machines. Note: most routers list hardwired MACs and wireless MACs separately.

In a home network, this would not be as friendly to guests as one might want, but it would be completely secure against external browsing. The “gold standard” for security is that it should be impossible to compromise without physical access.

Cap it off by instructing the Gateway not to reply to pings, and your network can be both unobtrusive and secure against anyone without physical access.
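The MAC-selection and whitelist steps above can be prepared offline before typing anything into the Gateway or router. The following is an added example, not part of the original post: it picks a random unicast, locally administered MAC (an assumption made here so the value cannot collide with a vendor-assigned address) and normalizes the wired and wireless lists; all function names and sample addresses are constructed for illustration.

```python
import re
import secrets

HEX12 = re.compile(r"[0-9a-f]{12}")

def normalize_mac(text):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, or raise ValueError.

    Accepts colon, hyphen and dotted (aabb.ccdd.eeff) notations.
    """
    digits = re.sub(r"[:\-.\s]", "", text).lower()
    if not HEX12.fullmatch(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def random_gateway_mac(in_use):
    """Pick a random unicast, locally administered MAC not already in use."""
    taken = {normalize_mac(m) for m in in_use}
    while True:
        octets = bytearray(secrets.token_bytes(6))
        # First octet, bit 0: 0 = unicast. Bit 1: 1 = locally administered,
        # which keeps the value out of vendor-assigned address space.
        octets[0] = (octets[0] & 0b11111100) | 0b00000010
        mac = ":".join(f"{b:02x}" for b in octets)
        if mac not in taken:  # "not off the network": never reuse a device MAC
            return mac

def build_allowlist(wired, wireless):
    """Normalize and de-duplicate the router's two lists, kept separate."""
    return {
        "wired": sorted({normalize_mac(m) for m in wired}),
        "wireless": sorted({normalize_mac(m) for m in wireless}),
    }

# Constructed sample addresses (not real devices), in mixed notations.
WIRED = ["02-00-5E-10-00-01", "0200.5e10.0002"]
WIRELESS = ["02:00:5e:10:00:03", "02:00:5E:10:00:03"]  # same device typed twice

if __name__ == "__main__":
    allow = build_allowlist(WIRED, WIRELESS)
    gateway_mac = random_gateway_mac(allow["wired"] + allow["wireless"])
    print("Gateway filter entry / router clone MAC:", gateway_mac)
    print("Router whitelist:", allow)
```

The printed MAC goes into both the Gateway's single-entry filter and the router's clone setting; the two normalized lists go into the router's hardwired and wireless whitelists.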


About James Johnson

I am an amateur mathematician & political theorist who enjoys (occasionally cerebral) humor.