Security Basics mailing list archives
RE: information harvesting from within the network
From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Mon, 23 May 2005 21:56:36 +0100
VLANs are a management tool not a security tool. There are many ways to "jump" vlans with in a switch. Andy -----Original Message----- From: Jason Lopez [mailto:jaylpz () sbcglobal net] Sent: 21 May 2005 03:32 To: 'ddjjembe 2' Cc: security-basics () securityfocus com Subject: RE: information harvesting from within the network If you have any manage switches, you could put them on separate VLans, and deny them access to your private network... My two-cents jay -----Original Message----- From: ddjjembe 2 [mailto:ddjjembe2 () hotmail com] Sent: Thursday, May 19, 2005 7:40 PM To: security-basics () securityfocus com Subject: information harvesting from within the network Background: I work in a university that has university typical security practices. Currently any authenticated user can scan the parts of the network with tools like LANguard or Nessus and obtain a considerable amount of information from them. Most of the computers in our network are windows computers. We also have departments with MACs and *nix machines. Goal: If possible, lock down the Windows computers with group policies and/or templates to disable this potential unauthorized information harvesting users and then restrict scanning ability to the security group with LDAP permissions. Am I on the right track here? I would like to achieve this without using a host based firewall. Group policies have large pool of settings to pick from. Narrowing it down to a few that disable at least portions would be appreciated. Thanks, ddjembe _________________________________________________________________ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
Current thread:
- information harvesting from within the network ddjjembe 2 (May 20)
- RE: information harvesting from within the network Jason Lopez (May 23)
- Re: information harvesting from within the network Alexander Klimov (May 23)
- <Possible follow-ups>
- RE: information harvesting from within the network Beauford, Jason (May 20)
- RE: information harvesting from within the network D Adler (May 23)
- RE: information harvesting from within the network Andrew Shore (May 23)
- Re: information harvesting from within the network Micheal Espinola Jr (May 24)
- Re: information harvesting from within the network Henry Anslinger (May 26)