Enjoy!
Also this came across the CISSP forum a not to long ago: (it was an offline
response I kept the names off to protect the innocent)
Subject: FW: [cisspforum] VLAN security - lets keep laughing
J.
I wanted to comment to this thread "off-line" due to the nature of the
question- but there is a way to "hop" between VLANS which limits the ability
of the VLAN to keep traffic segmented- and this is totally unsecure.
Several of my security engineers have used this technique to gain access to
information on segments that were supposedly "secure"...
----- Original Message -----
From: "Jacques Atlas"
To:
Sent: Tuesday, May 08, 2001 6:11 PM
Subject: RE: security opinions please [7:3666]
> On Tue, 8 May 2001, Michael Cohen wrote:
>
> |How does one go upon "penetrating" the internal VLAN on a switch while
only
> |having access to the external VLAN and not traversing the PIX in the
middle?
>
> i would also be interted in finding out the theory behind this.
>
> |I have heard the response from numerous security engineers that anything
is
> |possible however I guess I'm a novice because I have never seen nor heard
of
> |this being done in the situation mentioned above.
>
> did they give you proof ?
>
> |I attribute the idea of physically seperating these networks (even
> |though VLAN based seperation is just as effective) as security paranoia.
>
> there are also times when you can not afford to buy a decent switch for
> every service that you want and a large switch could give the best
> possible sollution.
>
> --
> jacques
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
[GroupStudy.com removed an attachment of type application/x-pkcs7-signature
which had a name of smime.p7s]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3979&t=3666
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
