|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Q on external router
tqbf
secnet.com
Thu, 23 Apr 1998 15:15:18 -0500 (CDT)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Roel JT Jonkman: "Re: switched DMZ (was Q on external router)"
- Previous message: tqbfsecnet.com: "Re: Q on external router"
- In reply to: Marcus J. Ranum: "Re: Q on external router"
- Next in thread: Eric Vyncke: "Re: Q on external router"
- Reply: Eric Vyncke: "Re: Q on external router"
> Thus, in my opinion (but have a look at my email address to see
> that I could be biased ;-) ), the switch can increase the DMZ security
> if:
> - it uses static mapping
> - as you put part of your security in the switch configuration, you
> must obviously secure your switch config (OTP, ACL, management via
> console only, ...)
What about problems that fault the switch itself? We have seen bugs that
crash 3Com switches due to poor IP stack implementation; Cisco is aware of
bugs that affect their Catalyst platforms as well. What assurance do we
have that switches are implemented with the same attention to security as
firewalls?
-----------------------------------------------------------------------------
Thomas H. Ptacek Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf "If you're so special, why aren't you dead?"
- Next message: Roel JT Jonkman: "Re: switched DMZ (was Q on external router)"
- Previous message: tqbfsecnet.com: "Re: Q on external router"
- In reply to: Marcus J. Ranum: "Re: Q on external router"
- Next in thread: Eric Vyncke: "Re: Q on external router"
- Reply: Eric Vyncke: "Re: Q on external router"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:48 CDT