[fw-wiz] scanning...

From: Brian Loe (knobdy_at_gmail.com)
Date: 11/02/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Wed, 2 Nov 2005 08:22:41 -0600

    Let me ask all of you a fairly generic question that should garner
    lots of different ideas. Let us say that you have gone to work for a
    new company as a network admin. It is a fairly complex network with
    multiple routers, switches and firewalls (a firewall for every router,
    let's say). The current network team has no formal training and has
    done all of their learning on the job, following a contracting company
    who was paid to initially set up the network.

    Okay, so how would you go about mapping out this network? You don't
    have the understanding of devices by name yet, and each device is
    likely to have 20 interfaces on it, with 20 IPs for 20 networks! You
    live on a "management network", but it's only "management" because
    it's a subnet which has been given telnet access to all of the devices
    on the network - in other words, scanning with your usual tool (LAN
    MapShot from Fluke - in my case, because it CAN start a pretty good
    network diagram directly in Visio) from your "management" network
    won't show you anything more than it will from any other subnet.

    Follow what I mean? Ideas? Pretend the network is yours and you're
    free to change anything you want - where would you start?