Security Basics mailing list archives
Re: information harvesting from within the network
From: Henry Anslinger <fortmreza () yahoo com au>
Date: Thu, 26 May 2005 21:03:10 +1000 (EST)
@Stake security review of VLANs
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf

VLAN Features
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/eescg8x/aleakyv.htm

Layer 2 -- The Weakest Link
http://www.cisco.com/en/US/about/ac123/ac114/ac173/ac222/about_cisco_packet_feature09186a0080142deb.html

http://www.cotse.com/mailing-lists/bugtraq/1999/1397.html
http://www.sans.org/resources/idfaq/vlan.php

cheers
Ivan

--- Micheal Espinola Jr <michealespinola () gmail com> wrote:

> I haven't heard anything in recent years about anyone getting away with that - at least not with Cisco equipment. Do you have any information to support that this is still a relevant issue?
>
> Thanks!
>
> On 5/23/05, Andrew Shore <andrew.shore () holistecs com> wrote:
> > VLANs are a management tool not a security tool. There are many ways to "jump" vlans within a switch.
> >
> > Andy
> >
> > -----Original Message-----
> > From: Jason Lopez [mailto:jaylpz () sbcglobal net]
> > Sent: 21 May 2005 03:32
> > To: 'ddjjembe 2'
> > Cc: security-basics () securityfocus com
> > Subject: RE: information harvesting from within the network
> >
> > If you have any managed switches, you could put them on separate VLans, and deny them access to your private network...
> >
> > My two-cents
> > jay
> >
> > -----Original Message-----
> > From: ddjjembe 2 [mailto:ddjjembe2 () hotmail com]
> > Sent: Thursday, May 19, 2005 7:40 PM
> > To: security-basics () securityfocus com
> > Subject: information harvesting from within the network
> >
> > Background:
> > I work in a university that has university typical security practices. Currently any authenticated user can scan the parts of the network with tools like LANguard or Nessus and obtain a considerable amount of information from them. Most of the computers in our network are windows computers. We also have departments with MACs and *nix machines.
> >
> > Goal:
> > If possible, lock down the Windows computers with group policies and/or templates to disable this potential unauthorized information harvesting users and then restrict scanning ability to the security group with LDAP permissions.
> >
> > Am I on the right track here?
> >
> > I would like to achieve this without using a host based firewall. Group policies have a large pool of settings to pick from. Narrowing it down to a few that disable at least portions would be appreciated.
> >
> > Thanks,
> > ddjembe
-- ME2 <http://www.santeriasys.net/>