Penetration Testing mailing list archives
Layer 3 and Firewall
From: "dubaisans dubai" <dubaisans () gmail com>
Date: Thu, 5 Oct 2006 12:02:03 +0530
Is it a BAD idea to have multiple logical segments of a Firewall connected to the same physical switch?

One of our customers has a Cisco 6509. All VLANs are Layer 2. The server segment and multiple User LANs are all terminated here on the same 6509. The default gateway for these Layer 2 VLANs is on the Checkpoint Firewall, so all access from the User LAN to the server segment is through the Firewall rulebase.

The threat I see is that if the network switch administrator wants to bypass the Firewall, he can just disconnect the Firewall links and make the VLANs Layer 3, and there is no security. After malicious activities he can very well reconnect the Firewall and revert back to Layer 2.

Is that a valid threat? Is it high risk? What controls are possible? Are multiple physical switches required?
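One detective control for the scenario described in the post, added here as an example and not part of the original thread: audit the switch's running-config for VLANs that are supposed to stay Layer 2 (gateway on the firewall) but have an active SVI with an IP address, which is exactly the state the bypass leaves behind. The config excerpt and the list of firewalled VLANs are constructed sample input, not from the customer's 6509.

```python
import re

# Constructed Catalyst IOS running-config excerpt (sample input, not from the post).
SAMPLE_CONFIG = """\
!
vlan 10
 name USER_LAN
!
interface Vlan10
 description User LAN (expected L2 only, gateway on firewall)
 ip address 10.10.0.1 255.255.255.0
 no shutdown
!
interface Vlan20
 description Server segment
 no ip address
 shutdown
!
interface Vlan99
 description Management SVI, Layer 3 expected here
 ip address 10.99.0.2 255.255.255.0
!
"""

# VLANs whose default gateway must live on the firewall (constructed list).
FIREWALLED_VLANS = {10, 20}

def find_svis(config: str) -> dict:
    """Return {vlan_id: {"ip": str|None, "shutdown": bool}} per 'interface VlanN' block."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface Vlan(\d+)\s*$", line)
        if m:
            current = int(m.group(1))
            svis[current] = {"ip": None, "shutdown": False}
            continue
        if current is None or not line.startswith(" "):
            current = None  # left the interface block ('!' or a new top-level line)
            continue
        stripped = line.strip()
        if stripped.startswith("ip address "):
            svis[current]["ip"] = stripped.split()[2]
        elif stripped == "shutdown":
            svis[current]["shutdown"] = True
    return svis

def bypass_candidates(config: str, firewalled: set) -> list:
    """Firewalled VLANs that have a live SVI with an IP: routing on the switch bypasses the firewall."""
    svis = find_svis(config)
    return sorted(v for v, s in svis.items() if v in firewalled and s["ip"] and not s["shutdown"])
```

Run this against a periodically collected config (or diff successive copies) so that an SVI appearing on a firewalled VLAN raises an alert even if it is removed again later.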