Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Layer 3 and Firewall

from [dubaisans dubai] Network Security [Permanent Link]
Subject: Layer 3 and Firewall
Date: Thu, 5 Oct 2006 12:02:03 +0530 
Is it a BAD idea to have multiple logical segments of a Firewall
connected to the same physical switch?

One of our customers has a Cisco 6509. All VLANs are Layer 2. The
server segment multiple User LANs are all terminated here on the same
6509. The default gateway for these Layer 2 VLAN is on the Checkpoint
Firewall. So al access from UserLAN to server segment is through the
Firewall rulebase.

The threat I see is if the network switch administrator wants to
bypass Firewall, he can just disconnect the Firewall links and make
the VLANs Layer 3 and there is no security. After malicious activites
he can very well connect the Firewall and revert back to Layer 2.

Is that a valid threat ? Is it High risk ? What controls are possible
? Are multiple physical switches required.?

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Informing Companies about security vulnerabilities..., Dragos Ruiu
Next by Date:  RE: Informing Companies about security vulnerabilities..., Michael Scheidell
Previous by Thread:  Informing Companies about security vulnerabilities..., Joseph McCray
Next by Thread:  RE: Layer 3 and Firewall, Paul Melson
Indexes:  [Date] [Thread] [Top] [All Lists]