Firewall Wizards mailing list archives
Re: Vlan's as effective security measures?
From: Brian Ford <brford () cisco com>
Date: Thu, 12 Feb 2004 13:06:26 -0500
Larry,If you search some of the presentations that have been given at conferences like DefCon or BlackHat (or Cisco Networkers) over the past 2 years you'll find the scoop about the security of VLANs. We should all say thank you to Dug Song.
At the end of your message you quoted something about:
the claim that nothing can possibly > > leak across a blade enclosure > > backplane sounds a lot like the old claims about VLANs being > > effective security devices
Just to be clear but based on my own experience with switches if you are looking at leaks from "blade enclosure backplanes" you might as well start looking for leakage from PCI slot connectors and PCB boards. There is no comparison between switch physical back plane architecture and VLAN security.
If you are concerned about protecting the back plane of a switch then use steel doors, good locks, and a good physical security policy.
Liberty for All, Brian At 12:00 PM 2/10/2004 -0500, firewall-wizards-request () honor icsalabs com wrote:
Message: 3 From: "Ware, Larry" <LWare () e-one com>To: "'firewall-wizards () honor icsalabs com'" <firewall-wizards () honor icsalabs com>Date: Mon, 9 Feb 2004 14:00:48 -0500 Subject: [fw-wiz] Vlan's as effective security measures? Forgive a long out of field, and now working on getting back up to speed firewall admin, but would someone care to educate me concerning the security issues related to VLAN's? I have lots of them, and need to know why a VLAN is not an effective adjunct to firewall and router security policies. -larry > -----Original Message----- <snip> > > > > My immediate response is no - the claim that nothing can possibly > > leak across a blade enclosure > > backplane sounds a lot like the old claims about VLANs being > > effective security devices - <snip>
Brian Ford Consulting Engineer, Security & Integrity Specialist Office of Strategic Technology Planning Cisco Systems Inc. http://www.cisco.com/go/safe/The opinions expressed in this message are those of the author and not necessarily those of Cisco Systems, Inc..
This email address is transmitted from San Jose, California, U.S.A.. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Vlan's as effective security measures? Ware, Larry (Feb 09)
- Re: Vlan's as effective security measures? John Hall (Feb 09)
- Re: Vlan's as effective security measures? avraham shir-el (arthur sherman) (Feb 11)
- Re: Vlan's as effective security measures? John Hall (Feb 12)
- Re: Vlan's as effective security measures? Daniel Linder (Feb 12)
- Transparent proxying jm (Feb 12)
- Re: Transparent proxying Luke Butcher (Feb 12)
- Re: Transparent proxying kaptain (Feb 12)
- Re: Transparent proxying Ng Pheng Siong (Feb 13)
- Re: Vlan's as effective security measures? avraham shir-el (arthur sherman) (Feb 11)
- Re: Vlan's as effective security measures? John Hall (Feb 09)
- <Possible follow-ups>
- RE: Vlan's as effective security measures? Melson, Paul (Feb 10)
- Re: Vlan's as effective security measures? Brian Ford (Feb 12)
- Re: Re: Vlan's as effective security measures? Brian Ford (Feb 12)
- Re: Vlan's as effective security measures? Todd Joseph (Feb 13)
- Re: Vlan's as effective security measures? Brian Ford (Feb 16)
- Re: Vlan's as effective security measures? Todd Joseph (Feb 13)
- RE: Re: Vlan's as effective security measures? hugh_fraser (Feb 16)
- Re: Vlan's as effective security measures? Jeremiah Cornelius (Feb 20)
- RE: Re: Vlan's as effective security measures? Brian Ford (Feb 16)
- RE: Re: Vlan's as effective security measures? hugh_fraser (Feb 20)