Penetration Testing mailing list archives
Re: Layer 3 and Firewall
From: "FITNC--Kelvin Tarver" <ktarver () fitnc com>
Date: Wed, 25 Oct 2006 21:07:03 +0000
As part of a complete security policy/setup, you must have a way of controlling even the switch admin's privilege and have a way to hold him accountable. There are a few options you want to explore depending on the switch you have and your company's security policy. One example is AAA used with Cisco's switches, which requires the admin to use a username/password to log in. You can use a TACACS or RADIUS server to help administer this. With this you can restrict their rights to a few configs, log any changes made, etc. There are plenty of similar options out there, but at some point you will have to trust someone (for example, the TACACS/RADIUS admin). That may very well be you. Controlling the TACACS/RADIUS server can be a very good option to consider. It all depends.

Hope this was helpful.

Kelvin Tarver
Flexible IT Network Consultant, Inc.
"Making Technology work for you!"
(718) 363-2577

Sent from my BlackBerry® wireless device

-----Original Message-----
From: Rocky <pixscreenpoint () gmail com>
Date: Tue, 24 Oct 2006 16:37:21
To: DaKahuna <da.kahuna () gmail com>
Cc: pen-test () securityfocus com
Subject: Re: Layer 3 and Firewall

another paranoid manager hehehe

On 10/6/06, DaKahuna <da.kahuna () gmail com> wrote:
Could you be more specific on the technical solution - because that is what I am looking for urgently? I am not worried about VLAN hopping or any other user-initiated attack. I am only worried about the switch admin playing foul.

If you can't trust your switch admin then you need to replace him with someone you can trust. Administrators are people in a position that requires unequivocal trust. In order to be effective in their jobs they need to have privileges that go beyond those of normal users.

------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
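The Cisco AAA setup described in the message above, as an added example that is not part of the original message or thread. It assumes a TACACS+ server and current IOS syntax; the server name, group name, address, key and break-glass account are hypothetical placeholders.

```cisco
! Added example. 192.0.2.10 is a documentation address; values in <> are
! placeholders to be replaced.
aaa new-model
!
tacacs server AAA-SRV1
 address ipv4 192.0.2.10
 key <shared-secret>
!
aaa group server tacacs+ AAA-GROUP
 server name AAA-SRV1
!
! Every admin logs in with a personal username/password checked on the
! server; the local account is tried only when the server does not respond.
aaa authentication login default group AAA-GROUP local
!
! Ask the server before starting a shell and before each command, including
! commands typed in configuration mode. Per-command authorization needs
! TACACS+; RADIUS does not provide it.
aaa authorization exec default group AAA-GROUP local
aaa authorization commands 1 default group AAA-GROUP local
aaa authorization commands 15 default group AAA-GROUP local
aaa authorization config-commands
!
! Send a record of every session and command to the server, so the change
! log lives on a system the switch admin does not control.
aaa accounting exec default start-stop group AAA-GROUP
aaa accounting commands 1 default start-stop group AAA-GROUP
aaa accounting commands 15 default start-stop group AAA-GROUP
!
! Break-glass account for when the server is unreachable; keep the password
! sealed and review every use of it.
username breakglass privilege 15 secret <sealed-password>
```

The per-user command permissions themselves are defined on the TACACS+ server, so whoever administers that server is the person who ultimately has to be trusted.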