OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re: Q on external router

Re: Q on external router


tqbfsecnet.com
Thu, 23 Apr 1998 15:15:18 -0500 (CDT)


> Thus, in my opinion (but have a look at my email address to see
> that I could be biased ;-) ), the switch can increase the DMZ security
> if:
> - it uses static mapping
> - as you put part of your security in the switch configuration, you
> must obviously secure your switch config (OTP, ACL, management via
> console only, ...)

What about problems that fault the switch itself? We have seen bugs that
crash 3Com switches due to poor IP stack implementation; Cisco is aware of
bugs that affect their Catalyst platforms as well. What assurance do we
have that switches are implemented with the same attention to security as
firewalls?

-----------------------------------------------------------------------------
Thomas H. Ptacek Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf "If you're so special, why aren't you dead?"



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:48 CDT