Firewall Wizards mailing list archives
Re: Vlan's as effective security measures?
From: Jeremiah Cornelius <jeremiah () nur net>
Date: Tue, 17 Feb 2004 08:33:38 -0800
On Friday 13 February 2004 08:58, hugh_fraser () dofasco ca wrote: <SNIP>
Policies controlling access to VLANs depend upon some method of identifying the client, and it's usually either a MAC address or a switch port. MAC addresses are readily obtained and almost as easily forged as IP addresses, allowing access to a MAC-based VLAN. Port-based identification relies on restricted access to the ports themselves, or to the drop connected to the port.
<SNIP> Enterasys does this really well. They establish an identity for the port (integrates w/ AD - LDAP) and assign VLAN accordingly. I haven't tested this solution myself. I know that it is being looked at by the US Veteran's Administration - they have their own "ITSCAP" style accreditation process. It /seems/ that this woud be resistant to MAC / Cam table attacks and other dsniff-style tricks. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Transparent proxying, (continued)
- Transparent proxying jm (Feb 12)
- Re: Transparent proxying Luke Butcher (Feb 12)
- Re: Transparent proxying kaptain (Feb 12)
- Re: Transparent proxying Ng Pheng Siong (Feb 13)
- RE: Vlan's as effective security measures? Melson, Paul (Feb 10)
- Re: Vlan's as effective security measures? Brian Ford (Feb 12)
- Re: Re: Vlan's as effective security measures? Brian Ford (Feb 12)
- Re: Vlan's as effective security measures? Todd Joseph (Feb 13)
- Re: Vlan's as effective security measures? Brian Ford (Feb 16)
- Re: Vlan's as effective security measures? Todd Joseph (Feb 13)
- RE: Re: Vlan's as effective security measures? hugh_fraser (Feb 16)
- Re: Vlan's as effective security measures? Jeremiah Cornelius (Feb 20)
- RE: Re: Vlan's as effective security measures? Brian Ford (Feb 16)
- RE: Re: Vlan's as effective security measures? hugh_fraser (Feb 20)