Security Basics mailing list archives
Re: Different terms for the same or more secure?
From: maddhatt+securitybasics () cat pdx edu
Date: Thu, 24 Aug 2006 22:44:34 -0700
"Hylton Conacher(ZR1HPC)" <conacher.co.za!hylton> said (on 2006/08/21):
... What further confuses me is that I read on Google that vlans can also have subnets. Could someone define each for me and the list and also why one is more secure than the other. Tnx Hylton
You're familiar with the 7-layer OSI model? Vlans are a layer 2 entity; Subnets are layer 3. A vlan defines the broadcast domain of an ethernet frame (as one commonly-used layer 2 example). A subnet defines the broadcast domain of an IP (for example) packet. Collision domains are the synonymous layer 1 concept. Vlans and subnets are apples and oranges, so a security comparison between the two is meaningless. To illustrate, suppose A and B are on the same subnet, but different vlans. When A wants to talk to B, it will send an arp request with a broadcast mac address. All computers on A's vlan will see this arp request. Because B is on a different vlan, it will not see the arp request. Instead, we need a router (R, let's say) who has interface(s) on A's vlan and B's vlan. R will have to answer A's arp with its own mac address. A will create a frame with R's mac as destination, containing an IP packet with B's IP address as destination. The frame will reach R, who will change the destination mac address to B's mac and send it out on B's vlan. The process works in reverse when B wishes to talk to A. For the sake of sanity, many organizations align their layer 2 vlans with their layer 3 subnets. This makes it easier to conceptually grasp the network's layout. There's a lot more that could be said about network design, but I'll end it here having reasonably answered your question. Trying to combine layer 2 and layer 3 has to be one of the most common confusions afflicting young (well, new to the field, at least) network minions. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Different terms for the same or more secure? Hylton Conacher(ZR1HPC) (Aug 22)
- Re: Different terms for the same or more secure? maddhatt+securitybasics (Aug 25)
- <Possible follow-ups>
- Re: Different terms for the same or more secure? eliterhythm (Aug 24)
- Re: Different terms for the same or more secure? Hylton Conacher(ZR1HPC) (Aug 28)
- RE: Different terms for the same or more secure? Anhtuan Huynh (Aug 25)
- RE: Different terms for the same or more secure? David Gillett (Aug 28)
- RE: Different terms for the same or more secure? Robert D. Holtz - Lists (Aug 28)
- RE: Different terms for the same or more secure? David Gillett (Aug 28)
- Re: Different terms for the same or more secure? Hylton Conacher(ZR1HPC) (Aug 25)
- RE: Different terms for the same or more secure? David Gillett (Aug 28)
- Re: Different terms for the same or more secure? Hylton Conacher(ZR1HPC) (Aug 28)
- RE: Different terms for the same or more secure? David Gillett (Aug 29)
- RE: Different terms for the same or more secure? David Gillett (Aug 28)
- Re: Different terms for the same or more secure? Brian Loe (Aug 28)