""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]
> >Can't find the link off hand, but recently I read something on the
> Cisco web
> >site about L2 vulnerabilities - mac flooding or something.
> >
> >In any case, what it comes down to is that the possibility exists
> that
> >someone of evil intent could sniff a network and discover something
> useful
> >that could be used to cause problems later.
> >
> >Why have OSPF authentication on internal links? Why have CHAP
> authentication
> >on dial up links? After all, who's out there tapping your telephones?
>
> I understand your reasoning here but I have to slightly disagree with
> it.  In a LAN I'd possibly agree with this, but if someone is sniffing
> your WAN or MAN connections then you have way bigger problems than CDP!
> If someone at the telco has inserted a sniffer into the frame relay
> network or onto a point-to-point link then they're already going to be
> getting a lot more information than CDP provides, and turning CDP off
> would be worthless.  They'll already see all of your routing updates as
> well as all unencrypted traffic.  They'll also already know what the
> endpoints of that circuit are so how would CDP help them?  It wouldn't.
>
> On a LAN you run into the problem of physical access.  If someone can
> physically access a hub or a switch they might be able to access your
> network. In a case like that perhaps you'd want to turn off CDP, but I'd
> suggest upgrading your physical security before turning off CDP.  If
> there's the potential for a stranger to get into one of your wiring
> closets and hook up with a laptop then again, you have much bigger
> problems than just CDP.


Like there is just about every place I've ever worked? Your most vulnerable
place for physical access is your MDF, and surprise - that seems to be the
place where lots of strangers need to get - PBX service people, telco
people, electricians, HVAC people, misc vendors from various trades.

2nd most vulnerable place? Branch office / small office closets, which often
double as file rooms.

None other than Very Large Brokerage Firm had no control process when I
worked there. Techs would just show up, and the bozos in New York considered
it beneath them to ever bother to inform a branch office tech to expect
visitors. Thing is, the room in question contained one of the Company's
major communications nodes, covering all of the West Coast and Asia-Pacific
data communications for maybe 300 other offices and service centers. My job
was to shut up, open the door, and otherwise mind my own business. :-O


>
>
> >
> >What do you want - convenience or security? Cuz maybe you can't have
> both.
> >
> >Kinda like at the airport. Maybe you feel safer because they're
> searching
> >people like me, who really do look like criminals, but do you feel
> safer if
> >they're searching 80 year old ladies and 5 year old children? Could
> either
> >one of those types pose a security risk? Interesting tradeoff, isn't
> it.
> >particularly given certain incidents in a particular country of late.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65348&t=65348