Re: Switch recommendations

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Thu Aug 25 2005 - 11:06:26 AKDT

On Thu, 25 Aug 2005, Adam bultman wrote:

> Lots of people do. I'm not aware of too many things you can do to try
> to skip over VLANs. At work, there are two switches, and about 7 VLANs.
> If you aren't on the right VLAN, you're stuck. You can't sniff traffic
> on other VLANs, period - ports on VLAN1 cannot talk to ports on VLAN2,
> and you need a router to make them talk at all. They're pretty safe -
> safe enough for lots of people to use them. Three-legged firewalls
> aren't always available or fast enough (our 5-legged firewall - the
> ImageStreams - was horrid with that many ports used).

Agreed. Cisco has a decent intro to VLAN security:

  http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

As the paper points out, there are ways to attack it, but with some good
planning and explicit ACLs I have yet to see a reason why I wouldn't want to
use them, even in DMZ applications.

        --Arthur Corliss
          Bolverk's Lair -- http://arthur.corlissfamily.org/
          Digital Mages -- http://www.digitalmages.com/
          "Live Free or Die, the Only Way to Live" -- NH State Motto
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Aug 25 11:06:36 2005

This archive was generated by hypermail 2.1.8 : Thu Aug 25 2005 - 11:06:36 AKDT
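The thread above leaves "there are ways to attack it" unnamed. One of the best-known ways to "skip over" a VLAN is 802.1Q double tagging: a host on an access port sends a frame carrying two stacked VLAN tags so that, after the first switch strips the outer tag, the inner tag carries the frame onto a VLAN the port was never assigned. The script below is an added example, not part of this mailing-list thread or of the Cisco paper; it parses raw Ethernet frames, counts stacked 802.1Q/802.1ad tags, and checks each frame against a simple per-port policy. The port-policy dictionary shape, the sample frames and the verdict strings are all constructed for this example.

```python
"""Inspect 802.1Q tags on captured Ethernet frames and flag frames that
should never appear on a given switch port (added example; all frames
and port policies below are constructed)."""
import struct

VLAN_ETHERTYPES = {0x8100, 0x88A8}   # 802.1Q customer tag, 802.1ad service tag


def build_frame(dst, src, vlans, ethertype, payload):
    """Build a raw Ethernet frame with zero or more stacked 802.1Q tags.
    Tags are written outer-first with PCP=0 and DEI=0 (VID only)."""
    out = bytearray(dst + src)
    for vid in vlans:
        out += struct.pack("!HH", 0x8100, vid & 0x0FFF)
    out += struct.pack("!H", ethertype) + payload
    return bytes(out)


def parse_frame(frame):
    """Return (dst, src, vlan_ids, inner_ethertype, payload).
    vlan_ids lists every stacked tag, outer-first; [] means untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, off, vlans = frame[:6], frame[6:12], 12, []
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        etype = struct.unpack("!H", frame[off:off + 2])[0]
        if etype not in VLAN_ETHERTYPES:
            break
        if len(frame) < off + 4:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        vlans.append(tci & 0x0FFF)          # low 12 bits of the TCI are the VID
        off += 4
    return dst, src, vlans, etype, frame[off + 2:]


def check_frame(frame, port):
    """Classify one frame against a port policy (shape is this example's own):
      {"mode": "access", "vlan": 10}
      {"mode": "trunk", "allowed": {10, 20}, "native": 999}
    Returns "ok" or a short reason string."""
    _, _, vlans, _, _ = parse_frame(frame)
    if len(vlans) > 1:
        # A host should never originate stacked tags; this is the
        # double-tagging hop attempt.
        return "double-tagged frame (possible VLAN hopping)"
    if port["mode"] == "access":
        # Access ports carry exactly one VLAN and expect untagged frames.
        return "tagged frame received on access port" if vlans else "ok"
    # Trunk: untagged frames belong to the native VLAN.
    vid = vlans[0] if vlans else port["native"]
    if vid != port["native"] and vid not in port["allowed"]:
        return "VLAN %d not allowed on trunk" % vid
    return "ok"


# Constructed sample traffic: a broadcast destination, one made-up source
# MAC, and a dummy IPv4/ARP payload.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("001122334455")
PAYLOAD = b"\x45" + b"\x00" * 27
ACCESS_10 = {"mode": "access", "vlan": 10}
TRUNK = {"mode": "trunk", "allowed": {10, 20}, "native": 999}

SAMPLES = [
    ("untagged on access",  build_frame(DST, SRC, [],       0x0800, PAYLOAD), ACCESS_10),
    ("tagged on access",    build_frame(DST, SRC, [10],     0x0800, PAYLOAD), ACCESS_10),
    ("double tag on access", build_frame(DST, SRC, [1, 20], 0x0800, PAYLOAD), ACCESS_10),
    ("vlan 20 on trunk",    build_frame(DST, SRC, [20],     0x0806, PAYLOAD), TRUNK),
    ("vlan 30 on trunk",    build_frame(DST, SRC, [30],     0x0806, PAYLOAD), TRUNK),
]


def run_samples():
    """Return {sample name: verdict} for every constructed frame."""
    return {name: check_frame(frame, port) for name, frame, port in SAMPLES}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print("%-22s %s" % (name, verdict))
```

The parser treats both 0x8100 and 0x88A8 as tag ethertypes, so a QinQ-style stack is counted the same way as two 0x8100 tags. The usual mitigation the policy reflects is to keep user-facing ports in access mode, put the trunk native VLAN on an unused VID, and prune the trunk's allowed list explicitly rather than leaving it at "all".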