[Tfug] "Opening" a physical ethernet connection

Bexley Hall bexley401 at yahoo.com
Wed May 1 16:33:17 MST 2013


Hi Bender,

On 5/1/2013 4:17 PM, Bender wrote:
> Don,
>
> Why don't you really tell us what you are trying to do?

Ideally, I want to be able to "unplug" a "physical ethernet
connection" (i.e., a *cable*).  This prevents the service(s)
available on that connection from being accessed *and*
protects the fabric from "assault" (e.g., someone taking a
line cord and connecting it to the pins of the connector
thereby frying a port in an *expensive* switch).

I.e., just like unplugging the cable or installing a "relay"
in series.

Absent the ability to *protect* the network fabric, I'd at
least like to be able to protect the *traffic* (which can be
done by shutting down the port on a managed switch; removing
power from a switch in series with that network segment; or
by "jabbering" on those particular pairs to make regular
traffic unavailable).

As the example I cited:  I want to be able to take an IP
phone, TV, laptop, etc. to a network drop that is in
an "unsecured area" (e.g., outside) and use it there.
Then, when no longer needed, to be able to shut down that
"point of access" so no others can use it.  Much like you
would shut down your wireless AP when not in use to prevent
others from silently hammering away at it...

[Imagine a business having network drops on the factory
floor.  Do you want Joe Worker to be able to surreptitiously
plug in a laptop and surf the web, access the company's
manufacturing/financial systems, etc.?]

But, I don't want to have to require an "IT department" to
be able to do these things.  Nor, keep some sort of "management
console" on-line so it is CONVENIENT to do these things -- hence
my "would you want to boot a PC to turn off a light?".  I.e., if
it is time consuming/tedious to access the "control" for this,
then you will tend to leave it INsecured and *hope* for the best.

[How many folks pick lame passwords because *good* ones are
hard to remember?  Or, disable the password on their screen
saver because it is so annoying to have to keep typing it
in after every 15 minutes of inactivity??  Or, leave an AP
set up with a default factory password -- or, no security
at all??  I.e., security has to be *convenient* if you want
people to use it]



