Network Security Pen-Test

Re: Layer 3 and Firewall

Subject: Re: Layer 3 and Firewall
Date: Wed, 25 Oct 2006 21:07:03 +0000
As part of a complete security policy/setup, you must have a way of controlling 
even the switch admin's privileges and have a way to hold him accountable.

There are a few options you want to explore depending on the switch you have and 
your company's security policy.

One example is AAA used with Cisco's switches, which requires the admin to use a 
username/password to log in. You can use a TACACS or RADIUS server to help 
administer this.

With this you can restrict their rights to a few configs, log any changes 
made, etc.

There are plenty of similar options out there, but at some point you will have to 
trust someone (for example, the TACACS/RADIUS admin).

That may very well be you.  Controlling the TACACS/RADIUS server can be a very 
good option to consider.  It all depends.

Hope this was helpful.

Kelvin Tarver
Flexible IT Network Consultant, Inc.
"Making Technology work for you!"
(718) 363-2577

Sent from my BlackBerry® wireless device      

-----Original Message-----
From: Rocky <pixscreenpoint@gmail.com>
Date: Tue, 24 Oct 2006 16:37:21 
To:DaKahuna <da.kahuna@gmail.com>
Cc:pen-test@securityfocus.com
Subject: Re: Layer 3 and Firewall

another paranoid manager hehehe



On 10/6/06, DaKahuna <da.kahuna@gmail.com> wrote:

Could you be more specific on the technical solution, because that is
what I am looking for urgently? I am not worried about VLAN hopping or
any other user-initiated attack. I am only worried about the
switch admin playing foul.

If you can't trust your switch admin then you need to replace him
with someone you can trust.
Administrators are people in a position that requires unequivocal
trust. In order to be effective in their jobs they need
privileges that go beyond those of normal users.



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
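
The AAA approach described in the reply above, sketched as a Cisco IOS configuration fragment. This is an added example, not part of the original message or thread; the server addresses (documentation range 192.0.2.0/24), the shared key, the `breakglass` account name and the choice of TACACS+ over RADIUS are all assumptions.

```cisco
! Constructed example: addresses, key and account names are placeholders.
aaa new-model
!
! TACACS+ server, administered by someone other than the switch admin
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-SECRET>
!
! Local fallback account, used only when the TACACS+ server is unreachable
username breakglass privilege 15 secret <LOCAL-PASSWORD>
!
! Authentication: every login is tied to an individual username
aaa authentication login default group tacacs+ local
!
! Authorization: the server decides which commands each admin may run,
! including commands entered in configuration mode
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization config-commands
!
! Accounting: each session and each command is recorded on the server,
! where the switch admin cannot edit the record
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Log configuration changes and send them to a remote syslog host
archive
 log config
  logging enable
  notify syslog
  hidekeys
logging host 192.0.2.20
!
! Remote management lines use the AAA method list above
line vty 0 4
 login authentication default
 transport input ssh
```

The accountability comes from the accounting and syslog records living on hosts the switch admin does not control. Use of the local fallback account should itself be monitored, because it bypasses the per-user command authorization.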


