I have an audit coming up and I wanted to find out what the risks are for the following setup and see what my defensive position might be.
We have a border router that goes to a firewall. On the other side of the firewall is a DMZ with servers that people have access to. Beyond that the connection goes to a layer 2 switch. The layer 2 switch then goes to a FWSM on another switch. Technically it is a DMZ, but it has an extra switch in the way. I wanted to find out what the risks are in terms of hackers. What if someone compromised the switch without the FWSM? There are other VLANs on that switch. Is there any way for a hacker to get to the other VLANs from that switch? I'm trying to determine what the worst-case scenario is, to prepare myself for the auditors.