From: FITNC--Kelvin Tarver (ktarver@fitnc.com)
Date: Wed Oct 25 2006 - 17:07:03 EDT
As part of a complete security policy/setup, you must have a way of controlling even the switch admin's privileges and have a way to hold him accountable.
There are a few options you want to explore depending on the switch you have and your company's security policy.
One example is AAA used with Cisco's switches, which requires the admin to use a username/password to log in. You can use a TACACS or RADIUS server to help administer this.
With this you can restrict their rights to a few configs, log any changes made, etc.
There are plenty of similar options out there, but at some point you will have to trust someone (for example, the TACACS/RADIUS admin).
That may very well be you. Controlling the TACACS/RADIUS server can be a very good option to consider. It all depends.
Hope this was helpful.
Kelvin Tarver
Flexible IT Network Consultant, Inc.
"Making Technology work for you!"
(718) 363-2577
Sent from my BlackBerry® wireless device
-----Original Message-----
From: Rocky <pixscreenpoint@gmail.com>
Date: Tue, 24 Oct 2006 16:37:21
To: DaKahuna <da.kahuna@gmail.com>
Cc: pen-test@securityfocus.com
Subject: Re: Layer 3 and Firewall
another paranoid manager hehehe
On 10/6/06, DaKahuna <da.kahuna@gmail.com> wrote:
> >
> > Could you be more specific on the technical solution, because that is
> > what I am looking for urgently? I am not worried about VLAN hopping or
> > any other user-initiated attack. I am only worried about the
> > switch admin playing foul.
>
> If you can't trust your switch admin then you need to replace him
> with someone you can trust.
> Administrators are people in a position that requires unequivocal
> trust. In order to be effective in their jobs they need
> privileges that go beyond those of normal users.
>
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>
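An illustration of the AAA setup described in the reply above, added here as an example and not part of the original thread: a classic Cisco IOS configuration that sends logins, per-command authorization and command accounting to a TACACS+ server. The server address (192.0.2.10, a documentation address) and the key are placeholders, and the per-user command restrictions themselves are assumed to be defined on the TACACS+ server.

```cisco
! Constructed example: server address and shared key are placeholders.
aaa new-model
!
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-SECRET-PLACEHOLDER>
!
! Authentication: each admin logs in with an individual username/password
! checked by the TACACS+ server; the local database is only a fallback
! for when the server is unreachable.
aaa authentication login default group tacacs+ local
!
! Authorization: the exec session and every command at privilege
! levels 1 and 15, including configuration-mode commands, is sent to
! the server, which permits or denies it per user or group.
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization config-commands
!
! Accounting: session start/stop and every command entered are recorded
! on the server under the admin's own username.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
line vty 0 4
 login authentication default
```

Because the accounting records are stored on the TACACS+ server rather than on the switch, the switch admin cannot alter them from the device; the person who controls that server is the party who still has to be trusted.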
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:14 EDT