Firewall Wizards mailing list archives
Re: Firewalls and 802.1q trunking
From: ark () eltex ru
Date: Wed, 27 Nov 2002 19:59:12 +0300
And they are not. There is another good point: generic secure network design common sense requires that there should NOT be any hardware connection point between networks except the firewall. Even a switch, a machine with packet forwarding turned off, NOTHING, even a network printer with two interface cards if one ever exists.

On Wed, Nov 27, 2002 at 08:00:14AM +0000, David Pick wrote:
> > My concern is that the "fan-out" boxes are typically run-of-the-mill switches, like Cisco Catalysts, that probably have been designed without any security aspirations. I wouldn't be surprised if those switches could be attacked and tricked into leaking packets between VLANs.
>
> A valid concern. My attitude is simple:
> * If the switches are secure enough to keep VLANs separated for normal traffic then they're secure enough to use as interfaces to your firewall
> * If they're not, well, they're not!