Firewall Wizards mailing list archives
Re: Layer 4 switch vs. firewall
From: "istong" <istong () zuniversity com>
Date: Fri, 16 Feb 2001 10:12:06 -0500
I'm curious what you mean when you say that if you are physically present you can get around vlan'd switches. I've always thought vlans were secure, i.e. traffic from one vlan cannot get to another vlan.

As for physical security there are several options depending on your make of equipment to secure it. For example I routinely disable ports that are not used - to prevent someone from just plugging in and gaining access to the network. Additionally I set the port to dynamically learn the MAC address of devices. Once learned, if you try to connect a different device to that port, the port disables itself.

Are there other aspects relating to VLANs and security that come to mind?

Ian

----- Original Message -----
From: "Tony Miedaner" <miedaner () twcny rr com>
To: "kince@hvbs" <kursat.ince () hvbs havelsan com tr>; <firewall-wizards () nfr net>
Sent: Thursday, February 15, 2001 9:40 AM
Subject: Re: [fw-wiz] Layer 4 switch vs. firewall

It depends on what you are protecting, doesn't it? If you are physically present, VLAN'd switches alone are easy to get around. Layer 3/4 access lists are also easy to get around - change your IP and hook up to the right port and you are talking to something.

If your goal is to improve LAN performance and get limited visibility to sniffers and the like, a switch will work fine, but I am hesitant to totally rely on switch security.

If the environment is secure and subnetting is well defined by geography (i.e., dept.) the L3/4 access list provides as much protection as a router with ACLs would. But this goes against VLAN'ing.

Also my experience is that switches are difficult to manage (not to mention access lists in general) - too easy to make a mistake.

Also I do believe that some switches do have the ability to tie MACs to IP hard, but this is probably a management nightmare.

That's my 2 cents.

----- Original Message -----
From: "kince@hvbs" <kursat.ince () hvbs havelsan com tr>
To: "Firewall Wizards" <firewall-wizards () nfr com>
Cc: "Özgür Ergül" <ozgur () tis havelsan com tr>
Sent: Wednesday, February 14, 2001 3:22 AM
Subject: [fw-wiz] Layer 4 switch vs. firewall

Hi there,

I have a question to which I couldn't find an answer. Our LAN has 500+ computers (mostly PCs; Sun servers and NT servers also exist). We want some kind of separation (and security) b/w the departments of the company. Shall we use a layer 3/4 switch or a firewall? We couldn't decide.

Can anybody compare layer 3/4 switches w/ firewalls w/ stateful inspection using the following criteria:

* Management
* Thruput
* Access control
* Logging
* Availability
* Address translation
* Any other useful criteria

Thank you in advance

Kursat INCE
kince () tis havelsan com tr

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
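Added example, not part of the original messages: a small audit for the two port controls described in the reply above (unused ports disabled; ports that learn a MAC address and disable themselves when a different device connects). It assumes Cisco IOS-style configuration syntax, which the thread does not specify, and the sample configuration is constructed.

```python
import re

# Constructed sample config in Cisco IOS-style syntax (an assumption; the
# thread names no vendor or make of equipment).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 shutdown
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security violation restrict
"""

def parse_interfaces(config):
    """Return {interface name: [its indented config lines, stripped]}."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
    return ports

def audit(config):
    """Map each port that is not administratively down to its findings."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "shutdown" in lines:
            continue  # unused port is disabled, nothing can plug in
        issues = []
        if "switchport port-security" not in lines:
            issues.append("port security not enabled")
        elif "switchport port-security mac-address sticky" not in lines:
            issues.append("MAC address not learned dynamically")
        # The IOS default violation action is shutdown; flag explicit overrides.
        if any(l.startswith("switchport port-security violation ")
               and not l.endswith(" shutdown") for l in lines):
            issues.append("violation action does not disable the port")
        if issues:
            findings[name] = issues
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports only the ports that are live but lack one of the two controls; ports that are shut down or fully configured produce no findings.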