NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > ISS> 2005-q3

Re: [ISSForum] Probability of Bybassing Proventia G400/2000

From: Palmer, Paul (ISSAtlanta) (PPalmeriss.net)
Date: Mon Jul 25 2005 - 17:31:31 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I presume you have the two ports in passive/IDS mode.

In that case it is 0%. However, it is always possible for someone to
accidentally change the policy from passive to inline. If this occurs,
the G would attempt to forward packets around your firewall.

That being said, it is often not a problem in practice as you would
typically use taps or a read-only SPAN port to get the packets from the
network. So, even if the G did begin to forward packets from an
accidental policy change, they would have nowhere to go.

Is there something unique about your environment that makes your
situation more complicated?

-----Original Message-----
From: issforum-bouncesatla-mm1.iss.net On Behalf Of Mohannad S. No'man
Sent: Sunday, July 24, 2005 12:46 PM
To: issforumatla-mm1.iss.net
Subject: [ISSForum] Probability of Bybassing Proventia G400/2000

What is the probability for Proventia G400/2000 to be bypassed if one
port was connected to a segment located after the firewall, and another
port was connected to a segment located before the same firewall?

If the probability for that is 0%, do you have any official document
that can prove that?

Regards,

Mohannad

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforumiss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforumiss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]