Security Basics mailing list archives

Re: information harvesting from within the network


From: Micheal Espinola Jr <michealespinola () gmail com>
Date: Tue, 24 May 2005 09:58:29 -0400

I haven't heard anything in recent years about anyone getting away
with that - at least not with Cisco equipment.

Do you have any information to support that this is still a relevant
issue?  Thanks!


On 5/23/05, Andrew Shore <andrew.shore () holistecs com> wrote:
VLANs are a management tool, not a security tool. There are many ways to
"jump" VLANs within a switch.

Andy

-----Original Message-----
From: Jason Lopez [mailto:jaylpz () sbcglobal net]
Sent: 21 May 2005 03:32
To: 'ddjjembe 2'
Cc: security-basics () securityfocus com
Subject: RE: information harvesting from within the network

If you have any managed switches, you could put them on separate VLANs,
and deny them access to your private network...

My two cents
jay
-----Original Message-----
From: ddjjembe 2 [mailto:ddjjembe2 () hotmail com]
Sent: Thursday, May 19, 2005 7:40 PM
To: security-basics () securityfocus com
Subject: information harvesting from within the network

Background:
I work in a university that has university-typical security practices.
Currently any authenticated user can scan the parts of the network with
tools like LANguard or Nessus and obtain a considerable amount of
information from them. Most of the computers in our network are Windows
computers. We also have departments with Macs and *nix machines.

Goal:
If possible, lock down the Windows computers with group policies and/or
templates to disable this potential unauthorized information harvesting
users and then restrict scanning ability to the security group with LDAP
permissions.  Am I on the right track here?

I would like to achieve this without using a host based firewall.

Group policies have a large pool of settings to pick from. Narrowing it
down to a few that disable at least portions would be appreciated.

Thanks,

ddjembe

-- 
ME2  <http://www.santeriasys.net/>

