Re: security opinions please [7:3666]

Wed, 09 May 2001 07:11:00 -0700 

Believing that keeping security questions in the dark increases 
security is commonly referred to as "security through obscurity" 
and is generally viewed as a bad idea by nearly everyone in the 
security field.  

Attackers already know the exploits, not informing your peers 
doesn't prevent attacks, it only assists the attackers.

What you shouldn't do is provide unneeded information about ones 
particular organization that might assist an attacker in attacking 
your organization.  

Regards,
Kent











On 9 May 2001, at 5:55, ccnawan wrote:

> In my experience I have been taught, it not a good idea to write about
> How tos in regards to security in a open forum like this? Dan Evensen
> > > > >How does one go upon "penetrating" the internal VLAN on a
> switch while only > >having access to the external VLAN and not
> traversing the PIX in the > >middle? > >I have heard the response from
> numerous security engineers that anything is > >possible however I
> guess I'm a novice because I have never seen nor heard > >of > >this
> being done in the situation mentioned above.  I attribute the idea of
> > >physically seperating these networks (even though VLAN based
> seperation is > >just as effective) as security paranoia.  This isn't
> necessarily a bad > >thing, after all that's what security guys are
> paid for, however I don't > >see > >a technical reason why you can't
> have these VLANs connected to the same box > >as long as a properly
> configured firewall logically seperates them. > > Launching a DoS on
> these devices is pretty easy, anything which transports > data for
> management can be 'hacked'. > > Rob./ > >
> ______________________________________________________________________
> ___ > Get Your Private, Free E-mail from MSN Hotmail at
> http://www.hotmail.com. > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html > Report misconduct and
> Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html Report misconduct and
> Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3815&t=3666
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to