Penetration Testing mailing list archives

Re: Layer 3 and Firewall


From: "FITNC--Kelvin Tarver" <ktarver () fitnc com>
Date: Wed, 25 Oct 2006 21:07:03 +0000

As part of a complete security policy/setup, you must have a way of controlling even the switch admin's privileges and
have a way to hold him accountable.

There are a few options you want to explore depending on the switch you have and your company's security policy.

One example is AAA used with Cisco's switches, which requires the admin to use a username/password to log in. You can use
a TACACS or RADIUS server to help administer this.

With this you can restrict their rights to a few configs, log any changes made, etc.

There are plenty of similar options out there, but at some point you will have to trust someone (for example the TACACS/RADIUS
admin).

That may very well be you. Controlling the TACACS/RADIUS server can be a very good option to consider. It all depends.

Hope this was helpful.

Kelvin Tarver
Flexible IT Network Consultant, Inc.
"Making Technology work for you!"
(718) 363-2577

Sent from my BlackBerry® wireless device
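The AAA setup Kelvin describes (TACACS+ login, restricted command rights, logging of changes), written out as an added example Cisco IOS configuration fragment that is not part of the original post. The server address, syslog host, shared secret and fallback account are constructed placeholders, and the per-admin permit/deny command policy is assumed to live on the TACACS+ server.

```cisco
! Added example (classic 2006-era IOS syntax); addresses and secrets are placeholders.
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key PLACEHOLDER-SHARED-SECRET
!
! Authentication: every login and every "enable" is checked against TACACS+;
! the local database is used only if the server is unreachable.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Authorization: the server decides which level-15 commands (including
! configuration-mode commands) each named admin may run.
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization config-commands
!
! Accounting: each session and each privileged command is recorded on the server
! with the username that issued it, so changes can be tied to a person.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Local fallback account, used only when TACACS+ is down.
username fallback-admin privilege 15 secret PLACEHOLDER-LOCAL-SECRET
!
! Configuration change logging: each changed line is logged to syslog together
! with who made it; "hidekeys" keeps passwords out of the log.
archive
 log config
  logging enable
  notify syslog
  hidekeys
!
logging host 192.0.2.20
!
line vty 0 4
 transport input ssh
```

Note that the switch-side AAA configuration only points at the server; the actual restriction to "a few configs" is the per-user command set defined on the TACACS+ server, which is why Kelvin's point about who controls that server matters.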

-----Original Message-----
From: Rocky <pixscreenpoint () gmail com>
Date: Tue, 24 Oct 2006 16:37:21 
To: DaKahuna <da.kahuna () gmail com>
Cc: pen-test () securityfocus com
Subject: Re: Layer 3 and Firewall

another paranoid manager hehehe



On 10/6/06, DaKahuna <da.kahuna () gmail com> wrote:

Could you be more specific on the technical solution, because that is
what I am looking for urgently? I am not worried about VLAN hopping or
any other user-initiated attack. I am only worried about the
switch admin playing foul.

If you can't trust your switch admin then you need to replace him
with someone you can trust.
Administrators are people in a position that requires unequivocal
trust. In order to be effective in their jobs they need to be given
privileges that go beyond those of normal users.



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
