Security Basics mailing list archives
Re: Access Lists on Layer-3 Switches
From: "Raghu Chinthoju" <chraghu.ml () fusemail com>
Date: Tue, 17 Feb 2004 13:55:44 +0530
Access lists on any router degrade the performance by reducing the throughput and introducing latency (might be negligible for most of the applications). Depending on the complexity of the access lists, they eat up a considerable amount of memory and processor. I would suggest you consider the current resource (network, CPU, mem, etc.) usage percentages, criticality of the device, your throughput requirements, etc., and then take a decision on implementing access lists on L3.

On the other hand, VLANs are just logical separation and aren't as secure as physically separated ones. When you are considering security between inter-VLAN communication, you need to seriously consider this. If the budget permits and requirements are justified, you may go for physically separate switched networks. Or else, you need to tightly secure your L2 configuration.

Raghu

----- Original Message -----
From: <tococomic () hushmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, February 17, 2004 12:22 AM
Subject: Access Lists on Layer-3 Switches

Do you think that there is any significant drawback of using access lists on layer-3 switches in comparison with access lists on routers? Can you reach the same security (packet-filtering) with the switch solution (layer 3) or is a router for an internal network separation a must?

Current thread:
- Access Lists on Layer-3 Switches tococomic (Feb 16)
- Re: Access Lists on Layer-3 Switches Raghu Chinthoju (Feb 17)
- <Possible follow-ups>
- RE: Access Lists on Layer-3 Switches Batkin, Seva (Feb 17)