Firewall Wizards mailing list archives

Re: Q on external router


From: tqbf () secnet com
Date: Thu, 23 Apr 1998 15:15:18 -0500 (CDT)

Thus, in my opinion (but have a look at my email address to see
that I could be biased ;-) ), the switch can increase the DMZ security
if:
- it uses static mapping
- as you put part of your security in the switch configuration, you
  must obviously secure your switch config (OTP, ACL, management via
  console only, ...)

What about problems that fault the switch itself? We have seen bugs that
crash 3Com switches due to poor IP stack implementation; Cisco is aware of
bugs that affect their Catalyst platforms as well. What assurance do we
have that switches are implemented with the same attention to security as
firewalls? 

-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf    "If you're so special, why aren't you dead?"


