Penetration Testing
Vulnerability Assessment of VLAN Jan 12 2011 09:16AM
informationhacker08 (informationhacker08 gmail com) (4 replies)
Re: Vulnerability Assessment of VLAN Jan 14 2011 06:01AM
Tate Hansen (tate kingtoday net)
Re: Vulnerability Assessment of VLAN Jan 14 2011 06:00AM
infosecMosaic (subs mosaicsecurity com)
Re: Vulnerability Assessment of VLAN Jan 13 2011 08:17PM
Tracy Reed (treed copilotco com)
Re: Vulnerability Assessment of VLAN Jan 13 2011 05:12PM
Curt Purdy (infosysec gmail com) (2 replies)
RE: Vulnerability Assessment of VLAN Jan 14 2011 08:59AM
S Walker (walker_s hotmail co uk)

1. If the VLAN you're on is not the trunk (usually 1) then there should
only be traffic for that VLAN going through it. If you listen with
tcpdump/wireshark on said VLAN, and cause an ARP or other L2 broadcast
on another VLAN then you should be able to confirm if this is the case.
Otherwise, check vuln lists for the device and OS version (e.g. IOS,
CatOS, FTOS) to see if there are any references to VLANs contaminating
each other.

2. As Curt said, CIS is a good way to go if the
firewall type is on there. If not, you'll have to have a search for that
specific breed and/or adapt general sections of the CIS guidelines. If
it's a firewall with which you're highly unfamiliar you're best seeing
if you can involve someone who knows it, but if that isn't an option
then do check the CIS and look over the configuration from a network
connectivity PoV, then check the physical and VLAN topology afterwards
to confirm that the firewall can't be bypassed by someone just outside
it or more distant.

S

> Date: Thu, 13 Jan 2011 12:12:58 -0500
> Subject: Re: Vulnerability Assessment of VLAN
> From: infosysec (at) gmail (dot) com [email concealed]
> To: informationhacker08 (at) gmail (dot) com [email concealed]
> CC: pen-test (at) securityfocus (dot) com [email concealed]
>
> Cannot answer #1, but would be interested if there is anything
> analogous to dsniff on a switched network for VLANs.
>
> As for #2, the type and brand of firewall makes a lot of difference,
> in particular in which vulns & configuration problems you might be
> looking for. A nice tool for Cisco is CIS rat (just feed in the
> config, and it will spit out problems it finds). A nice short generic
> whitepaper is one by Bennet Todd.
>
> If you are talking about auditing and not pen-testing, look for old,
> no longer used ACLs. Of the hundreds of lines, many are useless, and
> may do more harm than good. I have seen holes intentionally stuck in
> the middle of lists that no one ever saw because it was a rat's nest.
>
> Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
> infosysec (at) gmail (dot) com [email concealed]
> purdy (at) tecman (dot) com [email concealed]
>
>
>
> On Wed, Jan 12, 2011 at 4:16 AM, informationhacker08
> <informationhacker08 (at) gmail (dot) com [email concealed]> wrote:
> >
> > 1) Conducting Vulnerability assessment of a server that exists in a different
> > VLAN and your machine is located on another VLAN (No Trunk)
> >
> > 2) Any Good Paper on Firewall Auditing. I have deep interest in Auditing. Any
> > well known paper that describes how to properly Audit a Firewall. What
> > things should we check in Firewall Auditing.
> >
> > Regards
> >
> > Informationhacker08
> >
> >
> > --
> > View this message in context: http://old.nabble.com/Vulnerability-Assessment-of-VLAN-tp30631414p30631414.html
> > Sent from the Penetration Testing mailing list archive at Nabble.com.
> >
> >
> > ------------------------------------------------------------------------

> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------

> >
> >
>


[ reply ]
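The listening test from point 1 of the message above, as an added example that is not part of the original post: given raw Ethernet frames captured on your own access port, it flags 802.1Q-tagged frames and ARP packets whose sender address lies outside the local subnet. It assumes each VLAN maps to its own IPv4 subnet; `parse_frame`, `find_leaks`, `build_arp` and the sample frames are constructed for illustration.

```python
import ipaddress
import struct

ETH_P_8021Q, ETH_P_ARP = 0x8100, 0x0806

def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == ETH_P_8021Q and len(frame) >= 18:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18   # low 12 bits of the TCI are the VLAN ID
    return vlan_id, ethertype, frame[offset:]

def arp_sender_ip(payload):
    """Sender IPv4 address of an Ethernet/IPv4 ARP packet, else None."""
    if len(payload) < 28 or payload[:6] != bytes.fromhex("000108000604"):
        return None
    return ipaddress.IPv4Address(payload[14:18])

def find_leaks(frames, local_subnet):
    """List (frame index, reason) for frames that should not reach this port."""
    net = ipaddress.ip_network(local_subnet)
    findings = []
    for i, frame in enumerate(frames):
        vlan_id, ethertype, payload = parse_frame(frame)
        if vlan_id:  # VLAN ID 0 is only a priority tag, so it is not flagged
            findings.append((i, f"802.1Q tag for VLAN {vlan_id} on an access port"))
        ip = arp_sender_ip(payload) if ethertype == ETH_P_ARP else None
        if ip is not None and not ip.is_unspecified and ip not in net:
            findings.append((i, f"ARP sender {ip} is outside {net}"))
    return findings

def build_arp(sender_ip, vlan=None):
    """Constructed sample: broadcast ARP request, optionally 802.1Q-tagged."""
    src = bytes.fromhex("020000000001")
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    eth = b"\xff" * 6 + src + tag + struct.pack("!H", ETH_P_ARP)
    arp = bytes.fromhex("0001080006040001") + src
    return eth + arp + ipaddress.IPv4Address(sender_ip).packed + bytes(10)

# Constructed frames: local ARP, ARP from another subnet, tagged frame.
SAMPLE = [build_arp("192.168.10.5"), build_arp("192.168.20.7"),
          build_arp("192.168.10.9", vlan=20)]

if __name__ == "__main__":
    for index, finding in find_leaks(SAMPLE, "192.168.10.0/24"):
        print(index, finding)
```

An empty result after deliberately generating a broadcast on the other VLAN is the outcome that supports isolation; any finding is a reason to review the switch configuration and the vendor's advisories.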
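The ACL clean-up Curt describes in the quoted reply, as an added example (not from the thread and not how CIS RAT works): it reads a Cisco IOS style configuration and reports ACLs that are defined but never applied, ACLs applied but not defined, and entries that sit behind a permit-everything line. `audit_acls` and the sample configuration are constructed; only `ip access-group` and `access-class` count as "applied", so ACLs used elsewhere (NAT, route-maps and so on) still need a manual check.

```python
import re

NUMBERED = re.compile(r"^access-list (\S+) (permit|deny) (.+)$")
NAMED = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")
APPLIED = re.compile(r"^(?:ip access-group|access-class) (\S+)")
PERMIT_ALL = re.compile(r"^permit (?:ip any any|any)\b")

def audit_acls(config):
    """Return ACLs never applied, applied but undefined, and shadowed entries."""
    rules, applied, current = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if current and raw.startswith(" "):       # inside a named ACL block
            body = re.sub(r"^\d+\s+", "", line)   # drop optional sequence number
            if body.startswith(("permit ", "deny ")):
                rules[current].append(body)
            continue
        current = None
        if m := NUMBERED.match(line):
            rules.setdefault(m.group(1), []).append(f"{m.group(2)} {m.group(3)}")
        elif m := NAMED.match(line):
            current = m.group(1)
            rules.setdefault(current, [])         # register even if it stays empty
        elif m := APPLIED.match(line):
            applied.add(m.group(1))
    shadowed = {}
    for name, entries in rules.items():
        for i, entry in enumerate(entries[:-1]):
            if PERMIT_ALL.match(entry):           # later entries can never match
                shadowed[name] = entries[i + 1:]
                break
    return {"unused": sorted(set(rules) - applied),
            "undefined": sorted(applied - set(rules)), "shadowed": shadowed}

# Constructed sample configuration (documentation addresses, not a real device).
SAMPLE_CONFIG = """\
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 permit ip any any
access-list 101 deny ip any any log
access-list 150 permit tcp any any eq 23
ip access-list extended MGMT
 permit tcp 198.51.100.0 0.0.0.255 any eq 22
interface GigabitEthernet0/1
 ip access-group 101 in
 ip access-group EDGE-OUT out
line vty 0 4
 access-class MGMT in
"""
print(audit_acls(SAMPLE_CONFIG))
```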
Re: Vulnerability Assessment of VLAN Jan 13 2011 07:58PM
Christophe Vandeplas (christophe vandeplas com)


 

Copyright 2010, SecurityFocus