Re: 3rd party vuln assessment firms




From an operational security perspective, I'd strongly suggest reconsidering a blanket disablement of CDP.


You're absolutely correct, one should disable CDP at the peering edge, customer edge, IDC edge, and access edge - any untrusted edge, which really means *any* edge. But up through distribution/aggregation and core, one can actually end up having a negative impact on the security of one's network by disabling CDP in those non-edge portions of the topology; when one's in the middle of a big incident and jumping hop-by-hop and needs to be able to readily see what one's neighbor devices are, it's invaluable and saves lots of time when working to resolve the issue at hand.

If a network operator finds himself in a situation in which he's disabled CDP on all his edges, he's left it enabled deeper in the topology and an attacker is *still* in a position to be able to see it anyways (i.e., can log into the distribution/aggregation/core network infrastructure and/or sniff traffic from those links), he in all probability has bigger problems than worrying about CDP, and losing the visibility it affords in non-edge portions of the network doesn't contribute to the overall security posture of the network infrastructure; quite the opposite.


On Dec 27, 2005, at 1:26 PM, raven@xxxxxxxxxxxxxxx wrote:

 recommending that you disable CDP
when it's not in diagnostic use

----------------------------------------------------------------------
Roland Dobbins <rdobbins@xxxxxxxxx> // 408.527.6376 voice

     Everything has been said.  But nobody listens.

                   -- Roger Shattuck
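
As an added example (not part of the original message), one way to check a router configuration against the policy argued above: CDP off on edge interfaces, left on in distribution/aggregation and core. The `EDGE:`/`CORE:` description tags, the function name and the sample config are assumptions constructed for illustration; `no cdp run` and `no cdp enable` are the standard IOS commands.

```python
import re

# Constructed sample config. The "EDGE:"/"CORE:" description tags are a
# hypothetical site convention marking each interface's role.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description EDGE: peering to upstream
 no cdp enable
!
interface GigabitEthernet0/1
 description EDGE: customer handoff
!
interface GigabitEthernet0/2
 description CORE: link to core-rtr-1
!
interface GigabitEthernet0/3
 description CORE: link to core-rtr-2
 no cdp enable
"""

def audit_cdp(config):
    """Return (edge interfaces with CDP on, internal interfaces with CDP off)."""
    cdp_global = True        # CDP runs globally unless "no cdp run" is set
    interfaces = {}          # name -> {"role": "edge"/"internal"/None, "cdp": bool}
    current = None
    for raw in config.splitlines():
        if not raw.startswith(" "):
            # Top-level line: ends any interface block, may start a new one.
            m = re.match(r"interface (\S+)", raw)
            current = interfaces.setdefault(m.group(1), {"role": None, "cdp": True}) if m else None
            if raw.strip() == "no cdp run":
                cdp_global = False
            continue
        if current is None:
            continue
        stmt = raw.strip()
        if stmt == "no cdp enable":
            current["cdp"] = False
        elif stmt.startswith("description "):
            tag = stmt.split(None, 1)[1].split(":", 1)[0].upper()
            current["role"] = {"EDGE": "edge", "CORE": "internal"}.get(tag)
    exposed, blind = [], []
    for name, info in interfaces.items():
        enabled = cdp_global and info["cdp"]
        if info["role"] == "edge" and enabled:
            exposed.append(name)     # CDP advertised on an untrusted edge
        elif info["role"] == "internal" and not enabled:
            blind.append(name)       # neighbor visibility lost inside the network
    return exposed, blind
```

Run over the sample, this reports `GigabitEthernet0/1` as an edge still advertising CDP and `GigabitEthernet0/3` as an internal link where neighbor visibility has been lost; a global `no cdp run` puts every internal link in the second list.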

