
Re: information harvesting from within the network

Subject: Re: information harvesting from within the network
Date: Thu, 26 May 2005 21:03:10 +1000 (EST)
@Stake security review of VLANs
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf

VLAN Features
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/eescg8x/aleakyv.htm

Layer 2 -- The Weakest Link
http://www.cisco.com/en/US/about/ac123/ac114/ac173/ac222/about_cisco_packet_feature09186a0080142deb.html

http://www.cotse.com/mailing-lists/bugtraq/1999/1397.html


http://www.sans.org/resources/idfaq/vlan.php

cheers
Ivan

--- Micheal Espinola Jr <michealespinola@gmail.com> wrote:
I haven't heard anything in recent years about anyone getting away with that - at least not with Cisco equipment.

Do you have any information to support that this is still a relevant issue?  Thanks!


On 5/23/05, Andrew Shore <andrew.shore@holistecs.com> wrote:
VLANs are a management tool not a security tool. There are many ways to "jump" VLANs within a switch.

Andy

-----Original Message-----
From: Jason Lopez [mailto:jaylpz@sbcglobal.net]
Sent: 21 May 2005 03:32
To: 'ddjjembe 2'
Cc: security-basics@securityfocus.com
Subject: RE: information harvesting from within the network

If you have any managed switches, you could put them on separate VLANs, and deny them access to your private network...

My two-cents
jay
-----Original Message-----
From: ddjjembe 2 [mailto:ddjjembe2@hotmail.com]
Sent: Thursday, May 19, 2005 7:40 PM
To: security-basics@securityfocus.com
Subject: information harvesting from within the network

Background:
I work in a university that has university-typical security practices. Currently any authenticated user can scan the parts of the network with tools like LANguard or Nessus and obtain a considerable amount of information from them. Most of the computers in our network are Windows computers. We also have departments with MACs and *nix machines.

Goal:
If possible, lock down the Windows computers with group policies and/or templates to disable this potential unauthorized information harvesting users and then restrict scanning ability to the security group with LDAP permissions.  Am I on the right track here?

I would like to achieve this without using a host based firewall.

Group policies have a large pool of settings to pick from.  Narrowing it down to a few that disable at least portions would be appreciated.

Thanks,

ddjembe



-- 
ME2  <http://www.santeriasys.net/>

