*Aggregation of Net1 and Net2 is done solely by VLAN principles such as 802.1q or Cisco ISL.
*Dist switch will be configured to place Net1 devices in VLAN 1. Net1 is configured for Level 3. The firewall joins VLAN 1. Firewall isolates Net1 and provides NAT. Net1 uses 1918 private IP addresses.
*Dist switch will be configured to place Net2 devices in VLAN 2. Net2 will be configured for Level 2 (lower security, for development). The Core switch joins VLAN 2. Net2 has public IP space and potential internet connectivity.
*In such a configuration, "isolation" (i.e. firewall) must be maintained between Net1 and all lower networks (including Net2).
Define scenarios in which a party traversing the Core to Net2, or within Net2, could bypass VLAN restrictions and thereby gain access to Net1 resources:
*MAC/ARP spoofing/manipulation attack
*dSniff or similar attack
*Switch hardware/OS attack
If Risk is minimal, what designs/features would enhance/support VLAN1-VLAN2 configuration?:
* Subnet masking
* Switch or VLAN configuration
* Procure replacement for Distribution switches (better hardware?)
What products are available to exploit?
How exploitable are threats to VLAN?
Testing facilities are available. Threats must be exploitable, and will be performed to verify.
Any other suggestions will be appreciated. I hope my \__-__/ drawings ;-) and descriptions provide enough information. I have seen papers at sans.org and a few others, as well as a recent Cisco bug id CSCdt62732.