IDS mailing list archives

RE: How much "out of band" is enough ?


From: "Badger, Jared" <Jared.Badger () acs-inc com>
Date: Fri, 4 Feb 2005 15:52:13 -0700

Rainer,

It depends on your level of paranoia.  VLANs cannot provide security if,
for instance, VTP or 802.1q is tampered with, or if the switches themselves
become compromised.

Jared

-----Original Message-----
From: Rainer Duffner [mailto:rainer () ultra-secure de] 
Sent: Friday, February 04, 2005 10:47 AM
To: focus-ids () securityfocus com
Subject: How much "out of band" is enough ?

Hello,

I'd like to know how the "out of band" management of IDS and related 
SW/HW is done in various environments.

E.g.: for LAN, is it necessary to use separate switches or are VLANs 
enough?
(May depend on the policy).
And for WAN, do you rent separate leased-lines or is it just another 
VPN-tunnel in the line?




Thanks in advance,
Rainer

-- 
===================================================
~     Rainer Duffner - rainer () ultra-secure de     ~
~           Freising - Munich - Germany           ~
~    Unix - Linux - BSD - OpenSource - Security   ~
~  http://www.ultra-secure.de/~rainer/pubkey.pgp  ~
===================================================

