Firewall Wizards mailing list archives

Re: Worms, Air Gaps and Responsibility


From: Rogan Dawes <discard () dawes za net>
Date: Fri, 07 May 2004 17:24:21 +0200



Chris Pugrud wrote:

I've been doing a lot of research over the last several months about how to
isolate desktop and laptop systems from servers using switches and the firewall
filtering capabilities of VLAN routers (layer 3 switches).  I'm working that
research into publishable form, but I can answer more specifically to what you
are suggesting and hopefully get some feedback from the community at the same
time.


This is much easier to manage and deploy than other
methods that suggest placing every system in its own subnet and VLAN.

I was thinking more along the lines of the bridging firewalls pioneered(?) by the likes of the Lucent Brick, and now readily available in Linux, OpenBSD, etc.

So devices still reside on the same sub-network, but they just can't talk to each other. This does allow for more granularity than simply saying that "public -> private" and "private -> public" is OK.

I wonder what happened to the line of switches that had CheckPoint FW-1 embedded in them . . . ;-) Ahead of their time, perhaps? (circa 1998)

Regards,

Rogan
--
Rogan Dawes

*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
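Worked example, added here and not taken from Rogan's post or from any of the products he names: an nftables ruleset for the bridging-firewall arrangement he describes, implemented on a Linux box with a transparent bridge. The bridge name br0, its ports srv0 and usr0, the 192.168.10.0/24 subnet and the server addresses are all assumed for illustration.

```nft
#!/usr/sbin/nft -f
# Transparent bridging firewall (assumed layout, not from the original post):
#   br0 = { srv0 (server/upstream side), usr0 (desktop/laptop side) }
# Bridge setup, run once as root:
#   ip link add br0 type bridge
#   ip link set srv0 master br0 && ip link set usr0 master br0
#   ip link set srv0 up && ip link set usr0 up && ip link set br0 up
# Both sides stay in 192.168.10.0/24 and br0 itself needs no IP address,
# which is the point Rogan makes: same subnet, but hosts cannot talk freely.
# Note: desktop-to-desktop traffic on the same switch never crosses br0,
# so this ruleset governs only what crosses between the two sides.

flush ruleset

table bridge isolate {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # ARP must cross the bridge or neither side can resolve the other.
        ether type arp accept

        # Replies to flows already allowed. Conntrack in the bridge family
        # needs nf_conntrack_bridge (kernel >= 5.3, nft >= 0.9.3).
        ct state established,related accept
        ct state invalid drop

        # Desktops -> servers: only the listed service on the listed host.
        # 192.168.10.20 = file server (SMB), 192.168.10.25 = intranet web.
        iifname "usr0" oifname "srv0" \
            ip daddr . tcp dport { 192.168.10.20 . 445,
                                   192.168.10.25 . 80,
                                   192.168.10.25 . 443 } accept

        # Desktops -> off-subnet destinations via the router on the srv0
        # side (internet, DHCP broadcast); on-subnet servers stay blocked.
        iifname "usr0" oifname "srv0" ip daddr != 192.168.10.0/24 accept

        # Servers never initiate connections toward desktops: a worm that
        # lands on a server cannot use this path to reach the client side.
        # Everything else is logged (rate-limited) and dropped, so a broken
        # isolation rule shows up in the logs rather than silently.
        limit rate 10/second log prefix "bridge-isolate drop: "
        counter drop
    }
}
```

Load it with `nft -f isolate.nft` and watch `nft list table bridge isolate` for the counter and the kernel log for the prefix while testing each client-to-server path.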