Security Basics mailing list archives
Re: Different terms for the same or more secure?
From: "Brian Loe" <knobdy () gmail com>
Date: Fri, 25 Aug 2006 14:49:13 -0500
> One definition of "subnet" is that it is a contiguous block of
> host addresses. One typically uses such a block of addresses on
> a LAN, whether it's physical or virtual.
Physical meaning actually there and virtual meaning there but not physically?
If it's physically subnetted then there's a router between the subnets. Logically separated subnets, I suppose, would be vlaned subnets (virtual being logical - not real/physical).
Similar to an IP being divided into subnets, i.e. one for accounting, another for sales etc? How are the node MAC addresses grouped? I would assume by their subnet, which is exactly what a subnet does. A subnet groups similar nodes together so that they can communicate easily with one another and the switches do not need to liaise with those subnet nodes re other services on other subnets. So what does a VLAN do that a subnet doesn't and why is one better than the other?
The only thing a VLAN does is break up broadcast domains. Subnets, on the other hand, are controlled and limited by your IP addressing scheme - and provide nothing, a router or other such device (firewall for instance) is divide them up.
OK. You're starting to get fuzzy as there must be ethernet interference :) Let me get the basics right and solid then I'll explore the other features.
The switch adds vlan tags to the packets being passed on the network. When you trunk a port you're allowing that port to pass all of those tags as opposed to just one.
OK so a physical subnetted network is 'safer'/'more secure' than a VLAN network.
You will have to "subnet" your VLANs - subnets and VLANs are not interchangeable, they're not equivalent. Neither provides security features.
I'm still not getting the difference between a virtual and a physical LAN. Can anyone give me an example of say a company with two branches in different locations with each branch having its own sales and accounts department. I would subnet my IP such:
The two locations will almost always be physically separate networks because you will need to route between them, same for floors (if each floor has a switch), etc. In this instance the benefit of a VLAN *may* be the ability to put two similar groups in disparate geographic areas in the same VLAN allowing them to talk to each other "directly". I, however, do not see the benefit in it at all, perhaps someone else can explain the benefit (and I'm talking user VLANs).
I would highly suggest picking up a basic networking book. Even an old/used Microsoft Networking study book would go a long ways in your education. A CCNA book would also be a superb step in the right direction.