Network Security: Detailed info on Re: Managed switches outside firewalls?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

Re: Managed switches outside firewalls?

from [Nathaniel Hall] Network Security

[Permanent Link]

Subject:	Re: Managed switches outside firewalls?
Date:	Tue, 29 May 2007 11:08:11 -0500

Hari Sekhon wrote:

I'm not quite sure what security stance to take on this. I know I can restrict the management interface to certain IPs, but I'm still not sure if this is asking for trouble to have switches will accessible IPs. Perhaps I should use a dumb switch and forgo any management features...

I have the same issue where I work. My recommendation to our hardware guys was to use two methods protection:

1) Set the default gateway as your protecting firewall and not the upstream router and do not set any static routes. By doing so, any traffic destined to the switch will be sent to your firewall and not back to the initiating host.

2) Set ACLs to only allow traffic between your trusted network and the switch. This will help prevent any connections being initiated to the switch unless they come from your trusted network.

--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Spider Security

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Managed switches outside firewalls?, Hari Sekhon RE: Managed switches outside firewalls?, Dean Davis RE: Managed switches outside firewalls?, Dedric Ramsey Re: Managed switches outside firewalls?, Ansgar -59cobalt- Wiechers Message not available Re: Managed switches outside firewalls?, Hari Sekhon Re: Managed switches outside firewalls?, Bryan S. Sampsel RE: Managed switches outside firewalls?, ragdelaed RE: Managed switches outside firewalls?, Kenneth Klinzman Re: Managed switches outside firewalls?, Lars Braeuer Re: Managed switches outside firewalls?, Nathaniel Hall <= Re: Managed switches outside firewalls?, jc RE: Managed switches outside firewalls?, Nhon Yeung

Previous by Date:	RE: Disclosure of vulns and its legal aspects..., Craig Wright
Next by Date:	Re: GSEC Study Materials, Michael Hale
Previous by Thread:	Re: Managed switches outside firewalls?, Lars Braeuer
Next by Thread:	Re: Managed switches outside firewalls?, jc
Indexes:	[Date] [Thread] [Top] [All Lists]