Cisco VPN concetrator security review

From: Michi Ana (lsmek@hotmail.com)
Date: 11/27/01 

Date: 27 Nov 2001 21:18:25 -0000
Message-ID: <20011127211825.22907.qmail@mail.securityfocus.com>
From: Michi Ana <lsmek@hotmail.com>
To: pen-test@securityfocus.com
Subject: Cisco VPN concetrator security review
('binary' encoding is not supported, stored as-is) Mailer: SecurityFocus

Hi all,

I'm doing a security review of a Cisco VPN
concentrator (30xx), and was wondering if anybody
could suggest the appropriate tests to sun on this
product, keeping in mind that I can't perform any DoS
but need to make sure, through the configuration, that
the box is protected from these type of attacks.

Thanx,
-Mich

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: [Lit.] Buffer overruns
    ... > someone who is expert in security and knows some C ... Actually the security review should for the most part ... other field and giving him a crash course in programming will not ... *in each relevant domain*, not across domains. ...
    (sci.crypt)
  • Re: Thou shalt have no other gods before the ANSI C standard
    ... black-box execution is indeed quite useful during a security ... Performance optimization is different from security review. ... are examining the source code, testing is usually of secondary importance. ... manager if you want to determine whether the memory manager scrubs its ...
    (sci.crypt)
  • Re: Thou shalt have no other gods before the ANSI C standard
    ... >this instance the reliability and security requirements were given high ... the quality assurance phase is why these folks need to be articulate. ... software development shops have one crew of developers, ... about a security review, I'm convinced that it is critical to look ...
    (sci.crypt)
  • Re: Thou shalt have no other gods before the ANSI C standard
    ... > security evaluator to use whatever tools are most effective at the tool ... The "what might someone (attacker, ... > evaluating the security of the system per hour spent". ... here is another security review I participated ...
    (sci.crypt)
  • Re: Thou shalt have no other gods before the ANSI C standard
    ... Other typical goals include "evaluate its security and assess the likely ... evaluating the security of the system per hour spent". ... here is an example of one security review I ...
    (sci.crypt)