Firewall Wizards mailing list archives
RE: DMZ - the physical layer
From: aturner () vicinity com
Date: Wed, 22 Mar 2000 15:35:08 -0800 (PST)
On 16 Mar, Ben Nagy wrote:
> > -----Original Message-----
> > From: John White [mailto:johnjohn () triceratops com]
> > Sent: Wednesday, 8 March 2000 1:02 PM
> > To: firewall-wizards () nfr net
> > Subject: [fw-wiz] DMZ - the physical layer
> >
> > I was looking through the archives of the greatcircle firewall list and came across some opinions regarding the construction of DMZ's. I'm using Baystack 450's as my backbone switches. Bay 450's have a virtual lan function which can be used to limit a collision domain to specific ports. I was planning on using this function to create the DMZ.
>
> Nooo....

Bays are an especially bad choice as (at least historically) a Bay will ignore the VLAN boundary if I know the MAC address of the target. Many a Sun admin has gone insane with Bay switches because Sun has/had the nasty habit of assigning the same MAC for all the Ethernet interfaces on the same box by default. Cisco is better about this, but air-gap is preferred if you can afford it.

--
Aaron Turner
aturner () vicinity com
650.237.0300 x252
Security Engineer
Vicinity Corp.
Cell: 408-314-9874
http://www.vicinity.com