Kent,
If you look at my original message you will see that it says about How tos,
which means Not to give away information that would help dishonest people.
Discussion among Security, and IS professionals, I agree with. But that is
what CERN, ISS, Bugtraq etc are for. I should have been more clear, but I
was studying at 3AM last night. Do you know what Social Engineering means.
I believe the U.S. Gov. was trying to shut down, these Security sites that
give away information on how to do things that compromise networks.
They are very concerned about Information warfare, and rightly so.
Dan Evensen
ccnawan wrote:
>
> In my experience I have been taught, it not a good idea to write about How
> tos in regards to security in a open forum like this?
----- Original Message -----
From:
To:
Sent: Wednesday, May 09, 2001 7:38 AM
Subject: Re: security opinions please [7:3666]
> Believing that keeping security questions in the dark increases
> security is commonly referred to as "security through obscurity"
> and is generally viewed as a bad idea by nearly everyone in the
> security field.
>
> Attackers already know the exploits, not informing your peers
> doesn't prevent attacks, it only assists the attackers.
>
> What you shouldn't do is provide unneeded information about ones
> particular organization that might assist an attacker in attacking
> your organization.
>
> Regards,
> Kent
>
>
>
>
>
>
>
>
>
>
>
> On 9 May 2001, at 5:55, ccnawan wrote:
>
> > In my experience I have been taught, it not a good idea to write about
> > How tos in regards to security in a open forum like this? Dan Evensen
> > > > > >How does one go upon "penetrating" the internal VLAN on a
> > switch while only > >having access to the external VLAN and not
> > traversing the PIX in the > >middle? > >I have heard the response from
> > numerous security engineers that anything is > >possible however I
> > guess I'm a novice because I have never seen nor heard > >of > >this
> > being done in the situation mentioned above. I attribute the idea of
> > > >physically seperating these networks (even though VLAN based
> > seperation is > >just as effective) as security paranoia. This isn't
> > necessarily a bad > >thing, after all that's what security guys are
> > paid for, however I don't > >see > >a technical reason why you can't
> > have these VLANs connected to the same box > >as long as a properly
> > configured firewall logically seperates them. > > Launching a DoS on
> > these devices is pretty easy, anything which transports > data for
> > management can be 'hacked'. > > Rob./ > >
> > ______________________________________________________________________
> > ___ > Get Your Private, Free E-mail from MSN Hotmail at
> > http://www.hotmail.com. > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html > Report misconduct and
> > Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html Report misconduct and
> > Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3884&t=3666
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
