Re: VALN hopping

[Micheal Espinola Jr <michealespinola () gmail com>]

Agreed.  I would not trust logical seperation for a DMZ.

On 9/28/05, Hayes, Ian <Ian.Hayes () wynnlasvegas com> wrote:
> Safeguard against traversing VLANs is getting better, but I still don't
> like the idea of having mixed security VLANs on the same switch. There
> are still a number of exploits that have a chance of working, such as
> CAM table flooding. IMHO, good design physically separates the security
> zones- you really can't rely that logical constraints are going to
> always work, but then I'm a belt-and-suspenders kind of guy when it
> comes to network design. I'm expecting something to fail.
>
> Ian Hayes | Senior Systems Engineer
> Wynn Las Vegas
> 3131 South Las Vegas Blvd, Las Vegas, NV 89109
> Ph (702) 770-3252 | Cell (702) 266-6002
> Ian.hayes () wynnlasvegas com
>
> > -----Original Message-----
> > From: josh () tstc edu [mailto:josh () tstc edu]
> > Sent: Wednesday, September 28, 2005 9:59 AM
> > To: security-basics () securityfocus com
> > Subject: VALN hopping
> >
> > WWe are having a heated discussion about using VLAN's as a type of
> DMZ, so
> > I am asking the experts.  I prsonally like to see physical isolation;
> > however, our network person doesn't feel there is a threat of VLAN
> > hopping.  Please let me know your opinions.
> >
> > Thank you,


--
ME2  <http://www.santeriasys.net/>