My URL didn't go through
www.sans.org/infosecFAQ/switchednet/switch_security.htm
----- Original Message -----
From: "Jedi"
To:
Sent: Thursday, May 10, 2001 7:29 AM
Subject: Re: security opinions please [7:3666]
>
> Enjoy!
>
> Also this came across the CISSP forum not too long ago: (it was an offline
> response I kept the names off to protect the innocent)
>
> Subject: FW: [cisspforum] VLAN security - lets keep laughing
>
>
>
> J.
>
> I wanted to comment to this thread "off-line" due to the nature of the
> question- but there is a way to "hop" between VLANs which limits the ability
> of the VLAN to keep traffic segmented- and this is totally unsecure.
> Several of my security engineers have used this technique to gain access to
> information on segments that were supposedly "secure"...
>
>
>
> ----- Original Message -----
> From: "Jacques Atlas"
> To:
> Sent: Tuesday, May 08, 2001 6:11 PM
> Subject: RE: security opinions please [7:3666]
>
>
> > On Tue, 8 May 2001, Michael Cohen wrote:
> >
> > |How does one go about "penetrating" the internal VLAN on a switch while only
> > |having access to the external VLAN and not traversing the PIX in the middle?
> >
> > i would also be interested in finding out the theory behind this.
> >
> > |I have heard the response from numerous security engineers that anything is
> > |possible however I guess I'm a novice because I have never seen nor heard of
> > |this being done in the situation mentioned above.
> >
> > did they give you proof?
> >
> > |I attribute the idea of physically separating these networks (even
> > |though VLAN based separation is just as effective) as security paranoia.
> >
> > there are also times when you can not afford to buy a decent switch for
> > every service that you want and a large switch could give the best
> > possible solution.
> >
> > --
> > jacques
> > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4046&t=3666